An attack that is based on the exploitation of the trust a Web site has in a visiting user that enables an attacker to send arbitrary HTTP requests as if they came from the trusted user is known as?
A. Cross-site scripting
B. SQL injection
C. Cross-site request forgery
D. Domain kiting
The correct answer is C.
Domain: 4.1. Cross-site request forgery (CSRF) is an attack that is based on the exploitation of the trust a Web site has in a visiting user and enables an attacker to send arbitrary HTTP requests as if they came from the trusted user. One example of a CSRF is the Zeus banking trojan, which, after a client made a successful authentication to their bank’s Web site, sent a request to transfer funds as if they were the client.
Related Courses
Security+ Certification Boot Camp (SYO-301)
Security+ Prep Course (SYO-301)
CompTIA Advanced Security Practitioner (CASP) Prep Course