During an assessment, you observe a situation where a malicious website can force users to send unwanted commands to a target web service, leading to unauthorized actions. Which approach best prevents these malicious submissions from external sites?
Set shorter session durations to reduce active login periods
Enforce strict password rules across all user accounts
Use a distinct token with user submissions and validate it on arrival
Require multi-factor authentication for user logins
To prevent CSRF attacks, web applications should include a unique token in each user request that is verified by the server. This token confirms the request originated from a trusted session, blocking forged submissions from external sites. While MFA enhances login security, it does not prevent requests made by authenticated users. Shorter sessions may limit risk exposure but won’t stop CSRF while sessions are active. Password strength policies improve overall account protection but have no impact on in-session command validation.