New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CFA-001 Exam - Topic 4 Question 58 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 58
Topic #: 4
[All CFA-001 Questions]

Attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me. secret question, account update etc. to impersonate users, if a user simply closes the browser without logging out from sites accessed through a public computer, attacker can use the same browser later and exploit the user's privileges. Which of the following vulnerability/exploitation is referred above?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Lashandra at Dec 06, 2022, 01:44 PM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leigha
4 months ago
Are we sure this is a common issue? Seems exaggerated.
upvoted 0 times
...
Alfreda
4 months ago
It's all about session management, folks!
upvoted 0 times
...
Casey
4 months ago
I thought closing the browser would be enough?
upvoted 0 times
...
Shayne
4 months ago
Definitely a risk if you forget to log out!
upvoted 0 times
...
Donette
4 months ago
Sounds like classic session hijacking to me.
upvoted 0 times
...
Kati
5 months ago
I definitely remember that session IDs can be exploited, especially if they're not handled properly. This might be the right choice.
upvoted 0 times
...
Simona
5 months ago
I feel like the answer might be Timeout Exploitation since it mentions closing the browser, but I could be mixing it up with another concept.
upvoted 0 times
...
Myong
5 months ago
I remember practicing a question about session fixation attacks, and this seems similar, but I can't recall the exact term.
upvoted 0 times
...
Nancey
5 months ago
I think this is related to session management, but I'm not entirely sure if it's specifically about session IDs in URLs or something else.
upvoted 0 times
...
Hayley
5 months ago
I've got a good feeling about this one. Encryption is the obvious choice to pair with data fragmentation for enhanced security. The other options don't seem as relevant.
upvoted 0 times
...
Glynda
5 months ago
The audit policy file looks a bit complex, but I think I can figure it out. I'll start by adding the rules for the specific resources and namespaces mentioned in the question.
upvoted 0 times
...
Antonio
5 months ago
Okay, the Network layer is where routing occurs. I'm confident in that answer.
upvoted 0 times
...
Suzan
10 months ago
I bet the answer is B) Timeout Exploitation. It's like leaving your car unlocked in a bad neighborhood - the attacker just strolls in and takes over your account. Classic!
upvoted 0 times
Felix
8 months ago
C) I/O exploitation
upvoted 0 times
...
Stephane
8 months ago
B) Timeout Exploitation
upvoted 0 times
...
Galen
9 months ago
A) Session ID in URLs
upvoted 0 times
...
Nan
9 months ago
User 3: Definitely a risky move to not log out properly.
upvoted 0 times
...
Ressie
9 months ago
User 2: Yeah, it's like leaving the door wide open for attackers.
upvoted 0 times
...
Arlen
10 months ago
User 1: I think the answer is B) Timeout Exploitation.
upvoted 0 times
...
...
Starr
10 months ago
This is a tricky one. The question covers a lot of ground, but I'm going to have to go with D) Password Exploitation. Exposed accounts and weak password management can really open the door for impersonation attacks.
upvoted 0 times
Mariann
8 months ago
D) Password Exploitation
upvoted 0 times
...
Jacqueline
8 months ago
C) I/O exploitation
upvoted 0 times
...
Kallie
8 months ago
B) Timeout Exploitation
upvoted 0 times
...
Melina
9 months ago
A) Session ID in URLs
upvoted 0 times
...
Gertude
9 months ago
D) Password Exploitation
upvoted 0 times
...
Nu
9 months ago
C) I/O exploitation
upvoted 0 times
...
Veronique
10 months ago
B) Timeout Exploitation
upvoted 0 times
...
Maybelle
10 months ago
A) Session ID in URLs
upvoted 0 times
...
...
Mitsue
10 months ago
Hmm, I'm not sure. The question mentions a lot of different vulnerabilities, but I think the one being referred to is A) Session ID in URLs. That's a pretty sneaky way for an attacker to impersonate a user.
upvoted 0 times
Dusti
9 months ago
Yeah, it's important to always log out of public computers to prevent unauthorized access.
upvoted 0 times
...
Jin
10 months ago
I think you're right, Session ID in URLs can definitely be exploited by attackers.
upvoted 0 times
...
...
Mari
11 months ago
Ah, this is a classic case of session management vulnerabilities. I'd say the answer is B) Timeout Exploitation. Leaving the browser open without logging out is a common mistake that can leave users vulnerable.
upvoted 0 times
Derrick
10 months ago
Password exploitation is another common method used by attackers to impersonate users.
upvoted 0 times
...
Lamonica
10 months ago
Session ID in URLs can also be a vulnerability if not handled properly.
upvoted 0 times
...
Tamekia
10 months ago
It's important to always log out of public computers to prevent unauthorized access.
upvoted 0 times
...
Rodolfo
10 months ago
Yes, you're right. Timeout exploitation is a major risk when users don't log out.
upvoted 0 times
...
...
Evette
11 months ago
I believe Timeout Exploitation is also a potential vulnerability, as not setting proper timeouts can leave a user's session open for exploitation.
upvoted 0 times
...
Jaime
11 months ago
I agree with Kip, because if the session ID is exposed, an attacker can easily impersonate users.
upvoted 0 times
...
Kip
11 months ago
I think the vulnerability/exploitation referred above is Session ID in URLs.
upvoted 0 times
...

Save Cancel