Certified Ethical Hacker (CEH v11) — Question 16

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

Answer options

Correct answer: C

Explanation

The correct answer is Cross-Site Request Forgery (CSRF): the user was still authenticated to his bank when he clicked the link, so the attacker could trick his browser into making unwanted requests to the bank within that authenticated session. Clickjacking and Cross-Site Scripting (XSS) are different types of attacks that do not fit this scenario, and web form input validation relates to ensuring data integrity rather than exploiting user sessions.