CISM Certified Information Security Manager – Question 1163

The root cause of a successful cross-site request forgery (XSRF) attack against an application is that the vulnerable application:

A. uses multiple redirects for completing a data commit transaction.
B. has implemented cookies as the sole authentication mechanism.
C. has been installed with a non-legitimate license key.
D. is hosted on a server along with other applications.

Correct Answer: B

Explanation:
XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction. XSRF is related to an authentication mechanism, not to redirection. Option C is related to intellectual property rights, not to an XSRF vulnerability. Merely hosting multiple applications on the same server is not the root cause of this vulnerability.