Security+ Question of the Week: Trusted User Attack

An attack that exploits the trust a Web site has in a visiting user, and that enables an attacker to send arbitrary HTTP requests as if they came from the trusted user, is known as what?

A. Cross-site scripting
B. SQL injection
C. Cross-site request forgery
D. Domain kiting


The correct answer is C.

Domain: 4.1. Cross-site request forgery (CSRF) is an attack that is based on the exploitation of the trust a Web site has in a visiting user and enables an attacker to send arbitrary HTTP requests as if they came from the trusted user. One example of a CSRF attack is the Zeus banking trojan, which, after a client had successfully authenticated to their bank’s Web site, sent a request to transfer funds as if it came from the client.
