A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

B. Attempts by attackers to access the user and password information stored in the company's SQL database.

C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.








 

Suggested Answer: A



Cookies can store passwords and form content a user has previously entered, such as a credit card number or an address.
Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes advantage of a website that allows its users to post unfiltered HTML and JavaScript content.
References: https://en.wikipedia.org/wiki/HTTP_cookie#Cross-site_scripting_.E2.80.93_cookie_theft

This question is in 312-50V9 EC-Council Certified Ethical Hacker v9 Exam
For getting EC-Council Certified Ethical Hacker (CEH) Certificate







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.