GIAC Certified Incident Handler (GCIH) — Question 200

Which of the following squid proxy log fields is easiest for an attacker to spoof?

Answer options

• A. HTTP method
• B. Session duration
• C. Timestamp
• D. User agent

Correct answer: A

Explanation

The HTTP method is easiest to spoof because it is a field that can be manipulated in the request sent to the proxy server, allowing attackers to disguise their actions. In contrast, fields like session duration, timestamp, and user agent are typically more difficult to alter without detection, as they are often generated or logged by the server itself.