During an assessment, you observe a situation where a malicious website can force users to send unwanted commands to a target web service, leading to unauthorized actions. Which approach best prevents these malicious submissions from external sites?
Enforce strict password rules across all user accounts
Require multi-factor authentication for user logins
Use a distinct token with user submissions and validate it on arrival
Set shorter session durations to reduce active login periods
To prevent CSRF attacks, web applications should include a unique token in each user request that is verified by the server. This token confirms the request originated from a trusted session, blocking forged submissions from external sites. While MFA enhances login security, it does not prevent requests made by authenticated users. Shorter sessions may limit risk exposure but won’t stop CSRF while sessions are active. Password strength policies improve overall account protection but have no impact on in-session command validation.