GWAPT Question #30: Real Exam Question with Answer & Explanation

Question

A web application you are testing uses anti-CSRF tokens but allows GET requests for sensitive operations. How would you verify if it is still vulnerable to CSRF?

Options

  • A. Attempt to change user data using a POST request
  • B. Embed a malicious request in an image tag and load it in the browser
  • C. Disable JavaScript in the browser and navigate the application
  • D. Reboot the server to reset sessions
