ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 346 discussion

Actual exam question from CompTIA's SY0-601
Question #: 346
Topic #: 1
[All SY0-601 Questions]

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:



Which of the following types of attacks is MOST likely being conducted?

  • A. SQLi
  • B. CSRF
  • C. Spear phishing
  • D. API
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Ranaer at Feb. 8, 2023, 12:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SophyQueenCR82
Highly Voted 2 years, 3 months ago
B. CSRF What is a CSRF attack? Cross site request forgery (CSRF) is a vulnerability where an attacker performs actions while impersonating another user. For example, transferring funds to an attacker's account, changing a victim's email address, or they could even just redirect a pizza to an attacker's address!
upvoted 12 times
...
6R15
Highly Voted 2 years, 4 months ago
Selected Answer: B
Get command is Powershell = CSRF use Powershell
upvoted 9 times
klinkklonk
1 year, 5 months ago
GET is a http request in this instance. GET POST PUT
upvoted 1 times
...
loccodennis
2 years, 1 month ago
CSRF (Cross-Site Request Forgery) attacks are typically not directly executed using PowerShell. PowerShell is a scripting language and automation framework developed by Microsoft, primarily used for system administration tasks and automation. While PowerShell can be used in certain stages of a broader attack, such as in the initial reconnaissance or post-exploitation phases, it is not commonly used for directly conducting CSRF attacks. CSRF attacks typically rely on manipulating HTML forms, scripting languages like JavaScript, or constructing specially crafted URLs to trick the victim's browser into sending unauthorized requests to a target website.
upvoted 6 times
...
...
[Removed]
Most Recent 1 year, 7 months ago
Selected Answer: B
CSRF only one that really makes sense in this context
upvoted 1 times
...
Teleco0997
1 year, 7 months ago
Selected Answer: B
taking advantage of the trust in the user = CSRF
upvoted 2 times
...
sdc939
2 years, 4 months ago
Selected Answer: B
Yep, seems 2 b B CSRF
upvoted 2 times
...
Ranaer
2 years, 4 months ago
Selected Answer: B
What is CSRF? According to Messer: Cross-site request forgery • One-click attack, session riding - XSRF, CSRF (sea surf) • Takes advantage of the trust that a web application has for the user – The web site trusts your browser – Requests are made without your consent or your knowledge Once you authenticate legitimately, an attacked forges requests to induce action which you didnt intend.
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel