GIAC Exam GSNA Topic 4 Question 68 Discussion

Actual exam question for GIAC's GSNA exam
Question #: 68
Topic #: 4

Which of the following are limitations of a cross-site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Suggested Answer: D

In Unix, the /etc/securetty file is used to identify the secure terminals from where the root can be allowed to log in.

Answer B is incorrect. In Unix, the /etc/ioports file shows which I/O ports are in use at the moment.

Answer A is incorrect. In Unix, the /etc/services file is the configuration file that lists the network services that the system supports.

Answer C is incorrect. In Unix, the /proc/interrupts file is the configuration file that shows the interrupts in use and how many of each there have been.


Contribute your Thoughts:

Hailey
11 days ago
All these options sound like a lot of work for the attacker. Guess they gotta be real determined to pull off a CSRF attack these days.
upvoted 0 times
...
Arlette
14 days ago
Authenticating in GET and POST parameters, not just cookies? That's a sneaky one. Guess they're trying to make it harder for the hackers to spoof the requests.
upvoted 0 times
...
Weldon
15 days ago
Limited lifetime authentication cookies? That's gotta be a good way to protect against CSRF. Keeps the bad guys on their toes.
upvoted 0 times
...
Sharen
20 days ago
Targeting a site that doesn't check the referrer header? Sounds like a shot in the dark, but maybe it's a common vulnerability.
upvoted 0 times
...
Ona
21 days ago
The attacker needs to determine all the form inputs? That's a tough one. I guess they need to be a real master of reverse engineering or something.
upvoted 0 times
Sabine
10 days ago
A) The attacker must determine the right values for all the form inputs.
upvoted 0 times
...
...
Joanna
2 months ago
I believe D is also a limitation. The target site should authenticate in GET and POST parameters, not just cookies.
upvoted 0 times
...
Jeffrey
2 months ago
I agree with Lajuana. The attacker needs to know the form inputs and the target site should have limited lifetime authentication cookies.
upvoted 0 times
...
Lajuana
2 months ago
I think the limitations for CSRF attack include A and C.
upvoted 0 times
...
