Certified Cloud Security Professional (CCSP) — Question 24
Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?
Answer options
- A. Injection
- B. Cross-site request forgery
- C. Missing function-level access control
- D. Cross-site scripting
Correct answer: B
Explanation
The correct answer is B. Cross-site request forgery (CSRF) specifically targets a user's authenticated session to perform unauthorized actions: the manipulated requests are sent through the user's client, so the application executes them under that user's credentials. Option A, injection, refers to inserting malicious code into a system. Option C, missing function-level access control, deals with a failure to restrict user permissions. Option D, cross-site scripting, involves injecting malicious scripts into web pages, not sending requests through a user's client.