What countermeasure is described for mitigating a cross-site request forgery attack?


Multiple Choice

What countermeasure is described for mitigating a cross-site request forgery attack?

Explanation:
Cross-site request forgery relies on the browser sending the victim’s authenticated session with a forged request. If you’re still logged in and the browser holds your session cookies or credentials, a malicious site can trick the browser into performing actions on the trusted site as you.

Ending the session immediately after use and not saving login details directly reduces that risk. When you log off, there’s no active authenticated session for a forged request to exploit. Clearing history and avoiding saved credentials further limit what an attacker could leverage, since the browser won’t automatically send valid session information or auto-fill sensitive actions.

Other measures like logging activity, requiring multi-factor authentication for logins, or limiting login attempts address different security concerns (auditability, authentication strength, and brute-force protection) and don’t specifically prevent a forged request once an authenticated session exists. So, ending the session and not retaining credentials is the most effective on-the-fly mitigation among the options.