Certified Network Defender (CND) — Question 171
Adam, a malicious hacker, has just succeeded in stealing a secure cookie through an XSS attack. He is able to replay the cookie even if the session is valid on the server. Which of the following is the most likely cause of this issue?
Answer options
- A. Two-way encryption is used.
- B. Encryption is performed at the application level (one encryption key).
- C. Encryption does not apply.
- D. Scrambling is performed in the network (layer 1 encryption).
- E. None
Correct answer: B
Explanation
The correct answer is B because if encryption is done at the application level with only one encryption key, it can be more susceptible to attacks like XSS, allowing attackers to replay stolen cookies. Options A and D imply stronger encryption methods that would typically provide better security, while C suggests no encryption, which does not specifically address the use of an encryption key leading to the vulnerability.