"Understanding Application Attacks - Exam SY0-601"

"Identifying the Tested Application Attack"


Question

A security analyst is reviewing a new website that will soon be made publicly available.

The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us

The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us

Which of the following application attacks is being tested?

A. Pass-the-hash

B. Session replay

C. Object deference

D. Cross-site request forgery

Answer: B. Session replay

Explanations


The attack being tested in this scenario is session replay.

A session replay attack is a type of application attack in which an attacker captures a user's session ID and reuses it to impersonate that user and gain unauthorized access to the system. The session ID is a unique identifier generated by the web server when a user logs in or starts a session. It is usually stored in a cookie or carried as part of the URL; when it is carried in the URL, as in the sessionID query parameter here, it is exposed in browser history, proxy and server logs, and Referer headers, which is what makes it easy to capture.

In this scenario, the security analyst sends an internal user a link to the site for testing purposes, and the link carries a session ID in the URL. After the user clicks the link, the analyst is able to browse the website with a different session ID. This indicates that the analyst was able to capture the user's session ID and reuse it to access the website, which is a clear indication of a session replay attack.
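As an added example that is not part of the original question or its explanation, the following Python check scans a few constructed access-log lines (hypothetical format, IPs and user agents) for a sessionID query parameter presented by more than one distinct client, which is the server-side trace a replayed session leaves:

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (hypothetical), one request per line:
# client_ip "METHOD path" status "user_agent"
# 10.0.0.9 is the internal user; 10.0.0.5 later presents the same sessionID.
SAMPLE_LOG = """\
10.0.0.5 "GET /home/show.php?sessionID=77276554&loc=us" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"
10.0.0.5 "GET /home/show.php?sessionID=77276554&loc=us" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"
10.0.0.9 "GET /home/show.php?sessionID=98988475&loc=us" 200 "Mozilla/5.0 (Macintosh) Safari/605.1.15"
10.0.0.5 "GET /home/show.php?sessionID=98988475&loc=us" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return (ip, session_id, user_agent), or None if the line carries no sessionID."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    qs = parse_qs(urlsplit(m.group("target")).query)
    sid = qs.get("sessionID")
    if not sid:
        return None
    return m.group("ip"), sid[0], m.group("ua")


def find_replayed_sessions(log_text):
    """Map each sessionID to the sorted list of distinct (ip, user_agent) pairs that
    presented it, keeping only IDs seen from more than one client. A URL-borne
    session ID reused by a second client is the replay pattern from the question."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, sid, ua = parsed
            clients[sid].add((ip, ua))
    return {sid: sorted(seen) for sid, seen in clients.items() if len(seen) > 1}


if __name__ == "__main__":
    for sid, seen in find_replayed_sessions(SAMPLE_LOG).items():
        print(f"sessionID {sid} presented by {len(seen)} distinct clients: {seen}")
```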

Option A: Pass-the-hash is a type of attack in which an attacker steals hashed passwords and reuses them to authenticate to other systems.

Option C: Object deference is a type of application attack in which an attacker manipulates object references to gain unauthorized access to data or resources.

Option D: Cross-site request forgery (CSRF) is a type of attack in which an attacker tricks a user into executing unintended actions on a website to which the user is currently authenticated.

Therefore, the correct answer is B. Session replay.