
GIAC GSLC Exam - Topic 1 Question 24 Discussion

Actual exam question for GIAC's GSLC exam
Question #: 24
Topic #: 1

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer: A, B

Contribute your Thoughts:

Jerilyn
4 months ago
Wait, are we really still talking about CSRF? I thought it was old news!
upvoted 0 times
...
Trinidad
4 months ago
D seems right, but isn't it a bit outdated?
upvoted 0 times
...
Valene
4 months ago
C is interesting, but I think it's more about session management.
upvoted 0 times
...
Daisy
4 months ago
Totally agree with B, referrer checks are crucial!
upvoted 0 times
...
Chantell
5 months ago
A is definitely a limitation, attackers need the right values.
upvoted 0 times
...
Darrel
5 months ago
I seem to remember a practice question that mentioned option D, about using both GET and POST for authentication, but I'm not confident if that's a limitation for CSRF.
upvoted 0 times
...
Graciela
5 months ago
I'm not entirely sure about option B; I remember something about referrer headers being important, but I can't recall the specifics.
upvoted 0 times
...
Glenn
5 months ago
I think option A makes sense because if the attacker doesn't know the right values, they can't craft a successful request.
upvoted 0 times
...
Laurel
5 months ago
I feel like option C could be a limitation too, since if the cookies have a short lifetime, it would make CSRF less effective.
upvoted 0 times
...
Jolanda
5 months ago
Hmm, this looks like a tricky one. I'll need to think carefully about the different types of IOCs available in Cortex XDR.
upvoted 0 times
...
Abel
5 months ago
Hmm, I'm a bit unsure here. The question mentions the "Test Configuration" button, so it could be related to testing the communication with various components. I'll need to think this through carefully.
upvoted 0 times
...
Stefanie
5 months ago
Hmm, the issue seems to be with the client certificates. I'm thinking option C might be the way to go, but I'll double-check the other choices just to be sure.
upvoted 0 times
...
