Exam SY0-601 topic 1 question 843 discussion

A. Cross-site request forgery Cross-site request forgery (CSRF) is the most likely cause in this scenario. CSRF occurs when a user is tricked into performing actions on a website without their knowledge or consent. In this case, the user clicked on an email link, likely leading them to a malicious website that executed a request to change the user's password on the legitimate website where they were logged in. The user's session was exploited to perform unauthorized actions, such as changing the password, without their explicit consent. This type of attack can be prevented by implementing mechanisms like CSRF tokens to validate the origin of requests.

A. Cross-site request forgery (XSRF) is a malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. Also known as client-side forgery or CSRF The user is locked out of an account only after clicking an email link and visiting a different website indicating that cross-site forgery most likely took place

Cross-site request forgery (CSRF) (Option A): CSRF is an attack where a malicious website tricks a user's browser into making an unintended request to another site where the user is authenticated. In this case, clicking the email link and visiting a different website could have initiated a request to change the password on the target website without the user's knowledge