ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 1 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 1
Topic #: 1
[All 312-50v11 Questions]

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

  • A. Clickjacking
  • B. Cross-Site Scripting
  • C. Cross-Site Request Forgery
  • D. Web form input validation
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by noot at March 6, 2021, 5:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel8660
Highly Voted 2 years, 9 months ago
Selected Answer: C
Compromising Session IDs Using Client-side Attacks Cross-site Request Forgery Attack (CSRF) Cross-site request forgery (CSRF), also known as a one-click attack or session riding. The Cross-Site Request Forgery (CSRF) attack exploits the victim’s active session with a trusted site to perform malicious activities. (P.1419/1403)
upvoted 8 times
...
Snipa_x
Highly Voted 3 years, 8 months ago
Was in Exam today 11/24/2021
upvoted 6 times
...
yyj933125
Most Recent 1 year, 4 months ago
Answer is C
upvoted 1 times
...
qtygbapjpesdayazko
1 year, 5 months ago
Is the premium dump for the v12 a valid dump?
upvoted 2 times
...
qtygbapjpesdayazko
1 year, 6 months ago
Is this dump still valid for the corrent exam?
upvoted 1 times
...
qtygbapjpesdayazko
1 year, 6 months ago
Any update when this dump will be updated?
upvoted 1 times
...
qtygbapjpesdayazko
1 year, 6 months ago
is this questions still valid?
upvoted 2 times
...
SageCloud
1 year, 10 months ago
It isn't CSRF, because there is no second website when the user clicks on the link. The link is received by email. Clicking a link to watch a cat movie, while actually triggering a money transfer sounds like clickbaiting to me. Answer A.
upvoted 1 times
...
sameerijaz
1 year, 11 months ago
Answer is C
upvoted 1 times
...
ostorgaf
1 year, 11 months ago
Selected Answer: A
Clickjacking is a web security vulnerability where an attacker tricks a user into clicking on something different from what the user perceives. In this scenario, when the user clicked on the link in the email that seemed to lead to an interesting website with a cat video, the attacker exploited clickjacking to overlay that link with an invisible frame or layer that directed the user to a different action, such as initiating a fund transfer from the user's bank account. In this case, the attacker used the user's own browser to perform actions without the user's knowledge, making it appear as though the user initiated the actions, which include unauthorized fund transfers from the bank account. This technique allows the attacker to perform actions on a different site in the context of the user's active session.
upvoted 4 times
...
vitusisya
2 years, 1 month ago
The answer is C
upvoted 1 times
...
Chucho_es_gay
2 years, 9 months ago
Answer is C
upvoted 3 times
...
studyin
2 years, 9 months ago
Answer is C
upvoted 1 times
...
leandrosoares
2 years, 9 months ago
C is the right for this one!
upvoted 1 times
...
antoclk
2 years, 10 months ago
Selected Answer: C
**CSRF** - tricks a web browser into executing an unwanted action in an application to which a user is already logged in. the attacker will typically use social engineering, such as an email or link that will trick a victim into sending a forger request to a server. **require a user to do something**. works only one way – it can only send HTTP requests, but **cannot view the response**.
upvoted 3 times
...
tosmap
2 years, 10 months ago
Answer is C
upvoted 1 times
...
basel07019
2 years, 11 months ago
Answer is C
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel