GIAC Foundational Cybersecurity Technologies Practice Test

What is a requirement for cross-site request forgery (CSRF) to work?

• A. The victim must be authenticated with the target site
• B. The attacker must have root privileges on the victim's system
• C. The victim must be a member of the IIS_USER group
• D. The attacker must steal the victim's cookie

The correct answer is: The victim must be authenticated with the target site

For a cross-site request forgery (CSRF) attack to be successful, the victim must be authenticated with the target site. CSRF exploits the trust that a web application has in the user's browser. When a user is logged in to a service and their session is authenticated via cookies or other tokens, an attacker can leverage the user’s authenticated state to perform unauthorized actions on their behalf. In a typical CSRF attack, the attacker crafts a malicious request that, when executed by the victim's browser, takes advantage of the legitimate session the victim has with the target site. Since the victim is already authenticated and has valid credentials or session tokens, the request is processed by the target site as if it were a legitimate action initiated by the victim. Therefore, the authentication status of the user is crucial for CSRF to be effective, as it allows the attacker to perform actions on behalf of the authenticated user without their consent. The remaining options do not accurately represent the requirements for a CSRF attack. It is not necessary for the attacker to have root privileges on the victim's system, nor is being a member of a specific user group relevant to CSRF. Additionally, while stealing a cookie can be a method of attack in other contexts (like session hij