Certified Ethical Hacker (CEH v11) — Question 157
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
Answer options
- A. Attempts by attackers to access the user and password information stored in the company's SQL database.
- B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
- C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
- D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Correct answer: B
Explanation
The correct answer, B, addresses the risk of attackers stealing the authentication credentials held in browser cookies and using them to impersonate the user on Web sites that trust the browser. Options A and C concern theft of credentials from a database and of passwords stored locally, neither of which is directly mitigated by deleting cookies. Option D concerns tracking of user activity, which is not the primary focus of this security policy.