Certified Information Systems Auditor (CISA) — Question 392

The use of cookies constitutes the MOST significant security threat when they are used for:

Answer options

• A. obtaining a public key from a certification authority (CA).
• B. forwarding email and Internet Protocol (IP) addresses.
• C. authenticating using username and password.
• D. downloading files from the host server.

Correct answer: C

Explanation

The correct answer is C because cookies can store authentication information, which if intercepted, may allow unauthorized access to user accounts. Options A, B, and D do not involve authentication and therefore do not pose the same level of risk associated with cookies.