GIAC GSNA Exam - Topic 4 Question 68 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 68
Topic #: 4

Which of the following are the limitations for the cross-site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer: D

In Unix, the /etc/securetty file is used to identify the secure terminals from where the root can be allowed to log in.

Answer B is incorrect. In Unix, the /etc/ioports file shows which I/O ports are in use at the moment.

Answer A is incorrect. In Unix, the /etc/services file is the configuration file that lists the network services that the system supports.

Answer C is incorrect. In Unix, the /proc/interrupts file is the configuration file that shows the interrupts in use and how many of each there have been.


Contribute your Thoughts:

Lea
2 months ago
Wait, are people still not checking referrer headers? That's shocking!
upvoted 0 times
...
Vilma
2 months ago
D makes sense, but isn't it a bit outdated?
upvoted 0 times
...
Winfred
2 months ago
Totally agree with B, referrer checks are crucial!
upvoted 0 times
...
Lou
3 months ago
C is interesting, but I think it's more about session management.
upvoted 0 times
...
Shaun
3 months ago
A is definitely a limitation, attackers need the right values.
upvoted 0 times
...
Flo
3 months ago
I recall that using GET and POST parameters for authentication is a bad practice, but I can't remember if that directly relates to CSRF limitations.
upvoted 0 times
...
Raina
3 months ago
I practiced a question similar to this, and I feel like limiting authentication cookies could help mitigate CSRF, but I'm not entirely sure if that's a limitation.
upvoted 0 times
...
Luther
4 months ago
I think option B makes sense because if a site checks the referrer header, it can block CSRF attacks.
upvoted 0 times
...
Mammie
4 months ago
I remember that CSRF attacks rely on the user's session, but I'm not sure if the attacker needs to know all the form inputs.
upvoted 0 times
...
Lynna
4 months ago
This CSRF question seems straightforward. The limitations are about the attacker's ability to manipulate the request and the target site's defenses. I'm feeling confident I can nail this one.
upvoted 0 times
...
Rozella
4 months ago
Alright, I think I've got a handle on this. The limitations have to do with the attacker's ability to control the form inputs and the target site's security measures. Time to select the right answers.
upvoted 0 times
...
Kenneth
4 months ago
I'm a bit confused on this one. I know CSRF is about forging requests, but I'm not sure exactly what the limitations are. Guess I'll have to think it through.
upvoted 0 times
...
Leonida
5 months ago
Okay, let's see. I know CSRF attacks try to trick the user into performing actions they didn't intend. The key is figuring out what the limitations are.
upvoted 0 times
...
Lera
5 months ago
Hmm, this CSRF question looks tricky. I'll need to think carefully about the different limitations that can apply.
upvoted 0 times
...
Hailey
9 months ago
All these options sound like a lot of work for the attacker. Guess they gotta be real determined to pull off a CSRF attack these days.
upvoted 0 times
Merilyn
8 months ago
Agreed, it adds an extra layer of security for the target site.
upvoted 0 times
...
Kristel
8 months ago
I think having limited lifetime authentication cookies is a good defense against CSRF.
upvoted 0 times
...
Man
8 months ago
Definitely, the attacker needs to put in a lot of effort to make it work.
upvoted 0 times
...
Madelyn
8 months ago
Yeah, it's not easy to pull off a CSRF attack with all those limitations.
upvoted 0 times
...
...
Arlette
9 months ago
Authenticating in GET and POST parameters, not just cookies? That's a sneaky one. Guess they're trying to make it harder for the hackers to spoof the requests.
upvoted 0 times
...
Weldon
9 months ago
Limited lifetime authentication cookies? That's gotta be a good way to protect against CSRF. Keeps the bad guys on their toes.
upvoted 0 times
Peggie
8 months ago
C) The target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Corazon
8 months ago
B) The attacker must target a site that doesn't check the referrer header.
upvoted 0 times
...
Dortha
8 months ago
A) The attacker must determine the right values for all the form inputs.
upvoted 0 times
...
...
Sharen
10 months ago
Targeting a site that doesn't check the referrer header? Sounds like a shot in the dark, but maybe it's a common vulnerability.
upvoted 0 times
...
Ona
10 months ago
The attacker needs to determine all the form inputs? That's a tough one. I guess they need to be a real master of reverse engineering or something.
upvoted 0 times
Tresa
8 months ago
C) The target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Candida
9 months ago
B) The attacker must target a site that doesn't check the referrer header.
upvoted 0 times
...
Sabine
9 months ago
A) The attacker must determine the right values for all the form inputs.
upvoted 0 times
...
...
Joanna
11 months ago
I believe D is also a limitation. The target site should authenticate in GET and POST parameters, not just cookies.
upvoted 0 times
...
Jeffrey
11 months ago
I agree with Lajuana. The attacker needs to know the form inputs and the target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Lajuana
11 months ago
I think the limitations for CSRF attack include A and C.
upvoted 0 times
...