Certified Ethical Hacker (CEH) — Question 1
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
Answer options
- A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
- B. Attempts by attackers to access the user and password information stored in the company's SQL database.
- C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
- D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Correct answer: A
Explanation
Option A is correct: cookies that remain after the browser session ends can hold authentication credentials, and an attacker who steals them can access Web sites that trust the user. Options B and C relate to database and local password security, while option D concerns tracking of browsing patterns, which is not directly mitigated by cookie deletion.