GIAC Exam GSNA Topic 4 Question 68 Discussion

Actual exam question for GIAC's GSNA exam

Question #: 68
Topic #: 4

[All GSNA Questions]

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

AThe attacker must determine the right values for all the form inputs.

BThe attacker must target a site that doesn't check the referrer header.

CThe target site should have limited lifetime authentication cookies.

DThe target site should authenticate in GET and POST parameters, not only cookies.

Show Suggested Answer

Suggested Answer: D

In Unix, the /etc/securetty file is used to identify the secure terminals from where the root can be allowed to log in.

Answer B is incorrect. In Unix, the /etc/ioports file shows which I/O ports are in use at the moment.

Answer A is incorrect. In Unix, the /etc/services file is the configuration file that lists the network services that the system supports.

Answer C is incorrect. In Unix, the /proc/interrupts file is the configuration file that shows the interrupts in use and how many of each

there has been.

by Tarra at Mar 20, 2025, 03:09 PM

Limited Time Offer

25%

Off

Get Premium GSNA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Hailey

1 months ago

All these options sound like a lot of work for the attacker. Guess they gotta be real determined to pull off a CSRF attack these days.

upvoted 0 times

Madelyn

8 days ago

Yeah, it's not easy to pull off a CSRF attack with all those limitations.

upvoted 0 times

...

Arlette

1 months ago

Authenticating in GET and POST parameters, not just cookies? That's a sneaky one. Guess they're trying to make it harder for the hackers to spoof the requests.

upvoted 0 times

...

Weldon

1 months ago

Limited lifetime authentication cookies? That's gotta be a good way to protect against CSRF. Keeps the bad guys on their toes.

upvoted 0 times

Dortha

A) The attacker must determine the right values for all the form inputs.

upvoted 0 times

...

Sharen

1 months ago

Targeting a site that doesn't check the referrer header? Sounds like a shot in the dark, but maybe it's a common vulnerability.

upvoted 0 times

...

Ona

1 months ago

The attacker needs to determine all the form inputs? That's a tough one. I guess they need to be a real master of reverse engineering or something.

upvoted 0 times

Tresa

3 days ago

C) The target site should have limited lifetime authentication cookies.

upvoted 0 times

...

Candida

18 days ago

B) The attacker must target a site that doesn't check the referrer header.

upvoted 0 times

...

Sabine

1 months ago

A) The attacker must determine the right values for all the form inputs.

upvoted 0 times

...

Joanna

2 months ago

I believe D is also a limitation. The target site should authenticate in GET and POST parameters, not just cookies.

upvoted 0 times

...

Jeffrey

3 months ago

I agree with Lajuana. The attacker needs to know the form inputs and the target site should have limited lifetime authentication cookies.

upvoted 0 times

...

Lajuana

3 months ago

I think the limitations for CSRF attack include A and C.

upvoted 0 times

...