SY0-301 · Question #247
SY0-301 Question #247: Real Exam Question with Answer & Explanation
The correct answer is B: Cross-site request forgery.
Question
Options
- A. Brute force password attack
- B. Cross-site request forgery
- C. Cross-site scripting
- D. Fuzzing
Explanation
This is a classic Cross-Site Request Forgery (CSRF) attack. The victim is authenticated to their router's admin interface in one browser tab, meaning the browser holds a valid session cookie for 192.168.1.1. When the victim clicks a malicious link on the forum, the link contains a crafted HTTP request (e.g., targeting http://192.168.1.1/reboot) that the victim's browser sends automatically, with the valid session cookie attached. The router treats the request as legitimate because it arrives with a valid authenticated session. CSRF exploits the trust a website places in the user's browser.

Brute Force (A) would require many repeated login attempts, not a single click. Cross-Site Scripting (C) injects malicious scripts into a trusted site's content to execute in the victim's browser, which is a different mechanism. Fuzzing (D) is a testing technique that sends random or invalid data to find bugs; it is not an end-user attack.