Certified Information Systems Security Professional (CISSP) — Question 423

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?

Answer options

Correct answer: B

Explanation

The correct answer is B, cross-site request forgery (CSRF), which specifically refers to exploiting a victim's authenticated session to perform unauthorized actions. Clickjacking (A) involves tricking users into clicking on something different from what they perceive, while cross-site scripting (C) injects malicious scripts into web pages. Injection (D) generally refers to inserting harmful code into a system and does not specifically involve session exploitation.