GAQM CFA-001 Exam - Topic 4 Question 58 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 58
Topic #: 4

An attacker uses vulnerabilities in the authentication or session management functions, such as exposed accounts, session IDs, logout, password management, timeouts, remember me, secret question, account update, etc., to impersonate users. If a user simply closes the browser without logging out from sites accessed through a public computer, an attacker can use the same browser later and exploit the user's privileges. Which of the following vulnerabilities/exploitations is referred to above?

Suggested Answer: A

Leigha
6 months ago
Are we sure this is a common issue? Seems exaggerated.
upvoted 0 times
...
Alfreda
6 months ago
It's all about session management, folks!
upvoted 0 times
...
Casey
7 months ago
I thought closing the browser would be enough?
upvoted 0 times
...
Shayne
7 months ago
Definitely a risk if you forget to log out!
upvoted 0 times
...
Donette
7 months ago
Sounds like classic session hijacking to me.
upvoted 0 times
...
Kati
7 months ago
I definitely remember that session IDs can be exploited, especially if they're not handled properly. This might be the right choice.
upvoted 0 times
...
Simona
7 months ago
I feel like the answer might be Timeout Exploitation since it mentions closing the browser, but I could be mixing it up with another concept.
upvoted 0 times
...
Myong
7 months ago
I remember practicing a question about session fixation attacks, and this seems similar, but I can't recall the exact term.
upvoted 0 times
...
Nancey
7 months ago
I think this is related to session management, but I'm not entirely sure if it's specifically about session IDs in URLs or something else.
upvoted 0 times
...
Hayley
7 months ago
I've got a good feeling about this one. Encryption is the obvious choice to pair with data fragmentation for enhanced security. The other options don't seem as relevant.
upvoted 0 times
...
Glynda
7 months ago
The audit policy file looks a bit complex, but I think I can figure it out. I'll start by adding the rules for the specific resources and namespaces mentioned in the question.
upvoted 0 times
...
Antonio
8 months ago
Okay, the Network layer is where routing occurs. I'm confident in that answer.
upvoted 0 times
...
Suzan
1 year ago
I bet the answer is B) Timeout Exploitation. It's like leaving your car unlocked in a bad neighborhood - the attacker just strolls in and takes over your account. Classic!
upvoted 0 times
Felix
11 months ago
C) I/O exploitation
upvoted 0 times
...
Stephane
11 months ago
B) Timeout Exploitation
upvoted 0 times
...
Galen
11 months ago
A) Session ID in URLs
upvoted 0 times
...
Nan
11 months ago
User 3: Definitely a risky move to not log out properly.
upvoted 0 times
...
Ressie
12 months ago
User 2: Yeah, it's like leaving the door wide open for attackers.
upvoted 0 times
...
Arlen
1 year ago
User 1: I think the answer is B) Timeout Exploitation.
upvoted 0 times
...
...
Starr
1 year ago
This is a tricky one. The question covers a lot of ground, but I'm going to have to go with D) Password Exploitation. Exposed accounts and weak password management can really open the door for impersonation attacks.
upvoted 0 times
Mariann
11 months ago
D) Password Exploitation
upvoted 0 times
...
Jacqueline
11 months ago
C) I/O exploitation
upvoted 0 times
...
Kallie
11 months ago
B) Timeout Exploitation
upvoted 0 times
...
Melina
11 months ago
A) Session ID in URLs
upvoted 0 times
...
Gertude
12 months ago
D) Password Exploitation
upvoted 0 times
...
Nu
1 year ago
C) I/O exploitation
upvoted 0 times
...
Veronique
1 year ago
B) Timeout Exploitation
upvoted 0 times
...
Maybelle
1 year ago
A) Session ID in URLs
upvoted 0 times
...
...
Mitsue
1 year ago
Hmm, I'm not sure. The question mentions a lot of different vulnerabilities, but I think the one being referred to is A) Session ID in URLs. That's a pretty sneaky way for an attacker to impersonate a user.
upvoted 0 times
Dusti
12 months ago
Yeah, it's important to always log out of public computers to prevent unauthorized access.
upvoted 0 times
...
Jin
1 year ago
I think you're right, Session ID in URLs can definitely be exploited by attackers.
upvoted 0 times
...
...
Mari
1 year ago
Ah, this is a classic case of session management vulnerabilities. I'd say the answer is B) Timeout Exploitation. Leaving the browser open without logging out is a common mistake that can leave users vulnerable.
upvoted 0 times
Derrick
1 year ago
Password exploitation is another common method used by attackers to impersonate users.
upvoted 0 times
...
Lamonica
1 year ago
Session ID in URLs can also be a vulnerability if not handled properly.
upvoted 0 times
...
Tamekia
1 year ago
It's important to always log out of public computers to prevent unauthorized access.
upvoted 0 times
...
Rodolfo
1 year ago
Yes, you're right. Timeout exploitation is a major risk when users don't log out.
upvoted 0 times
...
...
Evette
1 year ago
I believe Timeout Exploitation is also a potential vulnerability, as not setting proper timeouts can leave a user's session open for exploitation.
upvoted 0 times
...
Jaime
1 year ago
I agree with Kip, because if the session ID is exposed, an attacker can easily impersonate users.
upvoted 0 times
...
Kip
1 year ago
I think the vulnerability/exploitation referred above is Session ID in URLs.
upvoted 0 times
...
