GAQM CFA-001 Exam - Topic 4 Question 39 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 39
Topic #: 4

Identify the attack from the following sequence of actions.

Step 1: A user logs in to a trusted site and creates a new session

Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser

Step 3: The user is tricked to visit a malicious site

Step 4: The malicious site sends a request from the user's browser using his session cookie

Suggested Answer: C

Adria
4 months ago
I thought XSS was more common for this kind of thing?
upvoted 0 times
...
Roslyn
4 months ago
This is textbook CSRF, easy to exploit.
upvoted 0 times
...
Viki
4 months ago
Wait, how can they use the session cookie like that?
upvoted 0 times
...
Elvis
4 months ago
Definitely CSRF, no doubt about it!
upvoted 0 times
...
Fanny
5 months ago
Sounds like a classic CSRF attack.
upvoted 0 times
...
Davida
5 months ago
I remember CSRF being about unauthorized actions using a user's session, so I think that's the right answer here.
upvoted 0 times
...
Glenna
5 months ago
I feel like this is definitely not a DoS attack, but I can't recall the exact differences between CSRF and hidden field manipulation.
upvoted 0 times
...
Shanda
5 months ago
I'm not entirely sure, but it sounds similar to the XSS questions we practiced. However, I remember CSRF involves using cookies too.
upvoted 0 times
...
Nikita
5 months ago
I think this might be a CSRF attack since the user is tricked into visiting a malicious site that uses their session cookie.
upvoted 0 times
...
Linn
5 months ago
Okay, let's think this through step-by-step. We need to configure two advanced WLAN settings for a BYOD wireless network with a dual SSID approach.
upvoted 0 times
...
Gwenn
5 months ago
This question seems straightforward, but I want to make sure I understand the differences between audits and management reviews before selecting an answer.
upvoted 0 times
...
Elvera
5 months ago
Hmm, I'm not totally sure about this one. I'll need to review the ISO 27002 standard to make sure I understand the access control requirements.
upvoted 0 times
...
Rebeca
5 months ago
This seems like a tricky one. I'll need to think through the different control functions and which one would be the least effective.
upvoted 0 times
...
Carla
5 months ago
I'm leaning towards blue for the run lines. I remember a similar question from the practice exam; just not sure if it's correct.
upvoted 0 times
...