
Exam SY0-501 topic 1 question 869 discussion

Actual exam question from CompTIA's SY0-501
Question #: 869
Topic #: 1

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show that users received an email inviting them to unsubscribe from an unwanted mailing. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?

  • A. SQL injection
  • B. CSRF
  • C. XSS
  • D. XSRF
Suggested Answer: B
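Added example (not part of the exam question or of any comment below): a server-side guard for a state-changing endpoint such as the payto.do link in the question, plus a scan of constructed log lines for requests that a forged link could have produced. The payto.do path and its parameters come from the question; the trusted origin, session ids, token scheme and log format are assumptions.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit, parse_qs

# Added example; payto.do and its parameters come from the question, everything
# else (origin, session ids, log shape) is constructed for illustration.
TRUSTED_ORIGIN = "https://www.company.com"
SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret

def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: an HMAC over the session id."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def is_request_allowed(method, session_id, origin=None, csrf_token=None):
    """Decide whether a payment request may proceed.

    payto.do changes state, so a bare GET (all an <a href> in an email can
    produce) is refused; a POST needs a trusted Origin and a matching token."""
    if method != "POST":
        return False, "state-changing request must be POST, not " + method
    if origin is None or origin.rstrip("/") != TRUSTED_ORIGIN:
        return False, "missing or foreign Origin: %r" % (origin,)
    expected = issue_csrf_token(session_id)
    if not csrf_token or not hmac.compare_digest(csrf_token, expected):
        return False, "CSRF token missing or not bound to this session"
    return True, "ok"

# Constructed log lines: method path status referer ("-" when absent)
SAMPLE_LOG = """\
GET /payto.do?routing=00001111&acct=22223334&amount=250 200 -
GET /payto.do?routing=00001111&acct=22223334&amount=250 200 https://mail.example.net/inbox
POST /payto.do 200 https://www.company.com/account
GET /static/logo.png 200 https://www.company.com/
"""

def suspicious_payments(log_text):
    """Flag payto.do hits a forged link could have produced: any GET, or any
    request whose Referer is not the site itself. Returns (method, referer, amount)."""
    site = urlsplit(TRUSTED_ORIGIN).netloc
    hits = []
    for line in log_text.splitlines():
        method, path, _status, referer = line.split(" ", 3)
        if not path.startswith("/payto.do"):
            continue
        ref_host = urlsplit(referer).netloc if referer != "-" else ""
        if method == "GET" or ref_host != site:
            amount = parse_qs(urlsplit(path).query).get("amount", ["?"])[0]
            hits.append((method, referer, amount))
    return hits
```

Run against SAMPLE_LOG, the two GET hits on payto.do for amount 250 are flagged while the same-origin POST is not.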

Comments

Daaio
Highly Voted 4 years, 8 months ago
I believe CSRF = XSRF (Cross-site request forgery).
upvoted 21 times
adriantdf
4 years, 8 months ago
Yes, both are correct, as they mean the same thing.
upvoted 4 times
gmravi
2 years, 3 months ago
https://portswigger.net/web-security/csrf/xss-vs-csrf#:~:text=What%20is%20the%20difference%20between,they%20do%20not%20intend%20to.
upvoted 1 times
Dave1212
Highly Voted 4 years, 8 months ago
The difference between the X-CSRF-TOKEN and X-XSRF-TOKEN is that the first uses a plain text value and the latter uses an encrypted value, because cookies in Laravel are always encrypted.
upvoted 11 times
SophyQueenCR82
Most Recent 2 years, 1 month ago
The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF) attack has occurred. In this attack, the attacker tricks the victim into clicking on a link that will perform an unwanted action on a website the victim is authenticated to. The link in the email appears to be an attempt to unsubscribe from a mailing list but actually contains a hidden request to make an unauthorized payment on the company's website.
upvoted 1 times
ajalfo
2 years, 2 months ago
This wasn't very clear to me on the practice test because the answers were as follows: A. SQL injection, B. CSRF, C. XSS, D. XSRF. Thus indicating that choosing B or D would yield the correct response. I got thrown off and chose C because I knew B & D were the same. I guess it's just a practice test creation error.
upvoted 1 times
EubertT
2 years, 5 months ago
In the exam the multiple choices are: A. SQL injection, B. Broken authentication, C. XSS, D. XSRF. So the answer is D: XSRF.
upvoted 3 times
HaSeongKim
2 years, 6 months ago
I believe on the exam the multiple choices were: A. SQL injection, B. Broken authentication, C. XSS, D. XSRF, so the answer is D. XSRF.
upvoted 1 times
fonka
3 years, 9 months ago
CSRF is also known by a number of other names, including XSRF, "sea surf," session riding, cross-site reference forgery, and hostile linking.
upvoted 1 times
StickyMac
3 years, 11 months ago
If you look at this question, it says that the users had unauthorized payments that were reported. The 2nd key here is when an attacker crafts its own URL link that looks legitimate and imports it into users' email as a phishing email. That link will direct that user to a fake URL, which could be a banking site and so on. That will definitely be CSRF.
upvoted 1 times
Sugoi
3 years, 11 months ago
B and D are the same exact thing....
upvoted 2 times
yeaggie
4 years ago
CSRF is an attack that tricks a user into performing an action on a web site by using a specially crafted HTML link and the user performs the action without realizing it. Pg 333 Darril Gibson
upvoted 3 times
idoIL
4 years, 5 months ago
It looks like XSRF (example of transaction = open session... bla..bla..bla..) But maybe it's XSS :)? If I changed the query param values it would look more like XSS, for example: company.com/payto.do?routing=1"/><script>alert(1);</script>. The victim here is the client, not the website, meaning XSS? **I hate Comptia!** :\
upvoted 2 times
AlexChen011
4 years, 1 month ago
It is not XSS...
upvoted 2 times
xerco
4 years, 8 months ago
csrf=xsrf
upvoted 1 times
Teza
4 years, 8 months ago
CSRF and XSRF are the same and are both on the objective. Will it be a bonus score or what?
upvoted 5 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other