Certified Ethical Hacker (CEH v11) — Question 234

Cross-site request forgery involves:

Answer options

• A. A request sent by a malicious user from a browser to a server
• B. A server making a request to another server without the user's knowledge
• C. Modification of a request by a proxy between client and server.
• D. A browser making a request to a server without the user's knowledge

Correct answer: D

Explanation

The correct answer is D because cross-site request forgery (CSRF) occurs when a browser makes an unwanted request to a server on behalf of a user who is authenticated. Option A describes a malicious request but does not specify that it is made without user knowledge. Option B refers to server-to-server communication, which is not related to CSRF, and option C involves a proxy altering requests, which is not the essence of CSRF.