CompTIA Security+ (SY0-601) — Question 644
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?
Answer options
- A. Cross-site request forgery
- B. Directory traversal
- C. ARP poisoning
- D. SQL injection
Correct answer: A
Explanation
The correct answer is A, cross-site request forgery. In this attack, the user is tricked into unknowingly performing an unwanted action on a website where they are already authenticated. Here that action is the password change, triggered when the user followed the emailed link to a different website. The other options (directory traversal, ARP poisoning, and SQL injection) do not fit the scenario of a password being changed through a malicious link without the user's consent.