CompTIA CySA+ Practice Test

Which scenario would most likely trigger an incident involving a Cross-site Request Forgery (CSRF) attack?

• A. A user clicks on a malicious link while logged into an account
• B. Legitimate user credentials are stolen through phishing
• C. A web application is exploited due to unpatched flaws
• D. A server receives overwhelming traffic from botnets

The correct answer is: A user clicks on a malicious link while logged into an account

An incident involving a Cross-site Request Forgery (CSRF) attack is most likely triggered when a user clicks on a malicious link while logged into an account. CSRF attacks exploit the trust that a web application has in the user's browser. When the user is already authenticated, clicking on a malicious link can cause the browser to send a request to the web application on behalf of the user, potentially executing unwanted actions without their consent. This type of attack relies on the fact that the authenticated session is still active, allowing malicious requests to be processed as if they came from the legitimate user. In this scenario, the attacker's link takes advantage of the logged-in state to perform actions like changing account settings or making transactions, all without the user’s awareness. The other scenarios do not specifically pertain to CSRF. For instance, stealing legitimate user credentials through phishing is typically related to credential theft and would more likely lead to unauthorized access rather than a CSRF attack. Exploiting vulnerabilities in a web application due to unpatched flaws pertains to different types of attacks such as SQL injection or cross-site scripting (XSS). Lastly, overwhelming server traffic from botnets is more indicative of a denial-of-service (DoS) attack and does not involve the user's