CompTIA PenTest+ (PT0-002) — Question 376

Based on the information in a report from a web application scanner, a website is susceptible to clickjacking. Which of the following techniques would be best to use to prove this exploit?

Answer options

• A. Capturing and replaying a session ID
• B. Redirecting the user with a CSRF
• C. Launching the website in an inline frame (iframe)
• D. Pulling server headers

Correct answer: C

Explanation

The correct answer is C, as launching the website in an inline frame (iframe) is a direct method to demonstrate clickjacking, allowing you to show how an attacker could overlay a malicious page on top of the legitimate site. The other options do not directly prove clickjacking: capturing a session ID (A) relates to session hijacking, CSRF (B) pertains to cross-site request forgery, and pulling server headers (D) does not demonstrate the exploit.