Exam CCSP All Questions

Exam CCSP topic 1 question 204 discussion

Actual exam question from ISC's CCSP
Question #: 204
Topic #: 1

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?

  • A. Injection
  • B. Missing function-level access control
  • C. Cross-site scripting
  • D. Cross-site request forgery
Suggested Answer: D

A cross-site request forgery (CSRF) attack forces a client that a user has already used to authenticate to an application to send forged requests under the user's own credentials, executing commands and requests that the application believes are coming from a trusted client and user. Although this type of attack cannot be used to steal data directly, because the attacker has no way of seeing the results of the commands, it does open other ways to compromise an application. Missing function-level access control exists where an application only checks authorization during the initial login process and does not validate it again on each function call. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without it going through validation processes. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute that data as part of its normal processing and queries.
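To make the distinction in the explanation concrete, here is an added example (not from the exam or this site) that contrasts a handler that trusts the session cookie alone with one that also requires a session-bound synchronizer token and checks the Origin header. The session store, the hypothetical site origin `https://bank.example`, and the request objects are all constructed stand-ins.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for server-side session storage: session id -> session data.
SESSIONS: dict[str, dict] = {}
ALLOWED_ORIGIN = "https://bank.example"  # hypothetical origin of the application


def create_session() -> str:
    """Start an authenticated session and bind a fresh anti-CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}
    return session_id


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)  # sent automatically by the browser
    form: dict = field(default_factory=dict)     # body of the POST
    headers: dict = field(default_factory=dict)


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone, so any cross-site form post that the
    browser submits with the cookie attached is accepted as the user."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return "401 not logged in"
    return f"200 transferred {req.form['amount']} from {session['user']}"


def transfer_protected(req: Request) -> str:
    """Same action, but the request must carry the token bound to this session
    (which a third-party page cannot read) and must not come from another origin."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return "401 not logged in"
    origin = req.headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return "403 cross-origin request refused"
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 missing or invalid CSRF token"
    return f"200 transferred {req.form['amount']} from {session['user']}"


def demo() -> tuple[str, str, str]:
    """Constructed scenario: a forged cross-site post versus a genuine in-app post."""
    sid = create_session()
    token = SESSIONS[sid]["csrf_token"]
    forged = Request(cookies={"session": sid}, form={"amount": "1000"},
                     headers={"Origin": "https://other.example"})
    genuine = Request(cookies={"session": sid}, form={"amount": "1000", "csrf_token": token},
                      headers={"Origin": ALLOWED_ORIGIN})
    return transfer_vulnerable(forged), transfer_protected(forged), transfer_protected(genuine)
```

Note that the forged request carries a valid session cookie, which is exactly why the vulnerable handler accepts it; the protected handler rejects it without any change to how the user authenticated.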

Comments

MaciekMT
1 month, 4 weeks ago
Selected Answer: D
Cross-site request forgery (CSRF) involves tricking an authenticated user's browser into sending manipulated, unauthorized requests to an application. These requests are made using the user's own credentials, effectively causing the application to execute commands as if they were legitimately initiated by the user. This is distinct from injection (which manipulates input to exploit vulnerabilities) or cross-site scripting (which injects malicious scripts into web pages).
upvoted 1 times
akg001
5 months ago
Selected Answer: D
D. Cross-site request forgery
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other