Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GSNA Topic 4 Question 68 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 68
Topic #: 4
[All GSNA Questions]

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Show Suggested Answer Hide Answer
Suggested Answer: D

In Unix, the /etc/securetty file is used to identify the secure terminals from where the root can be allowed to log in.

Answer B is incorrect. In Unix, the /etc/ioports file shows which I/O ports are in use at the moment.

Answer A is incorrect. In Unix, the /etc/services file is the configuration file that lists the network services that the system supports.

Answer C is incorrect. In Unix, the /proc/interrupts file is the configuration file that shows the interrupts in use and how many of each

there has been.


by Tarra at Mar 20, 2025, 03:09 PM

Limited Time Offer

25%

Off

Get Premium GSNA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Hailey
3 months ago
All these options sound like a lot of work for the attacker. Guess they gotta be real determined to pull off a CSRF attack these days.
upvoted 0 times
Merilyn
1 months ago
Agreed, it adds an extra layer of security for the target site.
upvoted 0 times
...
Kristel
2 months ago
I think having limited lifetime authentication cookies is a good defense against CSRF.
upvoted 0 times
...
Man
2 months ago
Definitely, the attacker needs to put in a lot of effort to make it work.
upvoted 0 times
...
Madelyn
2 months ago
Yeah, it's not easy to pull off a CSRF attack with all those limitations.
upvoted 0 times
...
...
Arlette
3 months ago
Authenticating in GET and POST parameters, not just cookies? That's a sneaky one. Guess they're trying to make it harder for the hackers to spoof the requests.
upvoted 0 times
...
Weldon
3 months ago
Limited lifetime authentication cookies? That's gotta be a good way to protect against CSRF. Keeps the bad guys on their toes.
upvoted 0 times
Peggie
2 months ago
C) The target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Corazon
2 months ago
B) The attacker must target a site that doesn't check the referrer header.
upvoted 0 times
...
Dortha
2 months ago
A) The attacker must determine the right values for all the form inputs.
upvoted 0 times
...
...
Sharen
3 months ago
Targeting a site that doesn't check the referrer header? Sounds like a shot in the dark, but maybe it's a common vulnerability.
upvoted 0 times
...
Ona
3 months ago
The attacker needs to determine all the form inputs? That's a tough one. I guess they need to be a real master of reverse engineering or something.
upvoted 0 times
Tresa
2 months ago
C) The target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Candida
2 months ago
B) The attacker must target a site that doesn't check the referrer header.
upvoted 0 times
...
Sabine
3 months ago
A) The attacker must determine the right values for all the form inputs.
upvoted 0 times
...
...
Joanna
4 months ago
I believe D is also a limitation. The target site should authenticate in GET and POST parameters, not just cookies.
upvoted 0 times
...
Jeffrey
4 months ago
I agree with Lajuana. The attacker needs to know the form inputs and the target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Lajuana
4 months ago
I think the limitations for CSRF attack include A and C.
upvoted 0 times
...

Save Cancel