Certified Information Systems Security Professional (CISSP) — Question 24

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Answer options

Correct answer: B

Explanation

The correct answer is B, Cross-Site Request Forgery (CSRF), because this attack tricks an authenticated user into executing unwanted actions on a web application. Options A, C, and D refer to different types of vulnerabilities: A involves injecting code into a process, C involves executing scripts in a user's browser, and D relates to issues with managing user sessions and authentication processes.