Carrying out session hijacking attacks can involve:
Spoofing
Sniffing
Denial of service
All of these
If possible, an attacker utilizes the act of sniffing packets to locate the ISN, thus eliminating the need to guess.

Edit: All that I have read indicates that a session hijack requires the attacker to sniff data and guess the ISN. To "carry out a session hijack" seems to imply an active attack. Thus, the next step after sniffing will be to send FIN/RST to the client (denial-of-service). The next step is to then impersonate the client by using the sniffed ISN to generate packets with the captured session information (e.g. JSESSIONID or equivalent) to the Web server. Thus, the answer to this question appears to be "All of these". Or am I missing something?

EDIT: I would agree with that assessment. The answer should be "All of these".

*** Answer has been edited.