# 312-50v11 — Question 424

**Type:** multiple_choice
**Topics:** topic_1

## Question

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: C
Compromising Session IDs Using Client-side Attacks
Cross-site Request Forgery Attack (CSRF)
Cross-site request forgery (CSRF), also known as a one-click attack or session riding.
The Cross-Site Request Forgery (CSRF) attack exploits the victim’s active session with a trusted site to perform malicious activities. (P.1419/1403)

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/eccouncil/312-50v11/424  
Practice (tracked): https://hiexam.net/study/312-50v11/practice