GIAC Exam GPEN Topic 5 Question 64 Discussion

Actual exam question for GIAC's GPEN exam

Question #: 64
Topic #: 5

[All GPEN Questions]

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

AIt is used to slow the working of victim's network resources.

BTCP session hijacking is when a hacker takes over a TCP session between two machines.

CUse of a long random number or string as the session key reduces session hijacking.

DIt is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Show Suggested Answer

Suggested Answer: C

by Delmy at Dec 05, 2024, 08:28 AM

Limited Time Offer

25%

Off

Get Premium GPEN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Maricela

5 days ago

B and D are no-brainers, but A? Slowing down the network? That's like trying to catch a fish with a stick of dynamite. Not very subtle, is it?

upvoted 0 times

...

Cristal

7 days ago

Wow, this is a tricky one. I'm going to go with B, C, and D. A sounds more like a denial of service attack, not session hijacking.

upvoted 0 times

...

Dylan

15 days ago

I believe C is also true. Using a long random session key can definitely help prevent session hijacking.

upvoted 0 times

...

Vicente

16 days ago

All of these answers seem relevant to session hijacking. C is a good way to mitigate the risk, but you can never be too careful.

upvoted 0 times

...

Daniel

16 days ago

I agree with you, Ira. TCP session hijacking and unauthorized access are definitely part of session hijacking.

upvoted 0 times

...

Raul

18 days ago

B and D are definitely true. Session hijacking is a real threat and can lead to some serious security issues. I'm not sure about A though, seems a bit off.

upvoted 0 times

...

Ira

25 days ago

I think B and D are true.

upvoted 0 times

...