GCIH · Question #82

GCIH Question #82: Real Exam Question with Answer & Explanation

The correct answer is A: Cross-site scripting. Session hijacking can be achieved through multiple techniques that steal, forge, or fix session tokens to impersonate an authenticated user.

Question

Which of the following can be used to perform session hijacking? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. Cross-site scripting
  • B. Session fixation
  • C. ARP spoofing
  • D. Session sidejacking

Explanation

Session hijacking can be achieved through multiple techniques that steal, forge, or fix session tokens to impersonate an authenticated user.

Common mistakes.

  • C. ARP spoofing is a network-layer attack that redirects traffic for man-in-the-middle positioning but is not itself a session hijacking technique - it is a precursor that may enable other attacks.

Concept tested. Session hijacking attack techniques and vectors

Reference. https://owasp.org/www-community/attacks/Session_hijacking_attack
