Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which of the following practices is crucial for eradicating server-side request forgery attacks?

  1. Do not allow the redirection of HTTP

  2. Encourage unrestricted HTTP methods

  3. Allow internal server redirection by default

  4. Implement weak authentication measures

The correct answer is: Do not allow the redirection of HTTP

Not allowing the redirection of HTTP is essential for eradicating server-side request forgery (SSRF) attacks. SSRF occurs when an attacker manipulates the requests a server makes in order to reach internal resources or services that should not be directly exposed or accessible from the outside. By preventing HTTP redirection, you reduce the risk of an attacker crafting a request that uses your server to reach an unintended destination, such as an internal API, a database, or another sensitive system. Without HTTP redirection, an application is less likely to expose its internal network to outside threats. This practice supports the principle of least privilege and strengthens overall system security by ensuring that outgoing requests from your server cannot be steered to unintended or potentially harmful endpoints.

The other options make the problem worse. Encouraging unrestricted HTTP methods could allow an attacker to use methods such as PUT or DELETE to modify resources on the server. Allowing internal server redirection by default would open avenues for SSRF, because an attacker could direct the server to make requests to internal services. Implementing weak authentication measures would only exacerbate the problem by giving unauthorized users more access with which to exploit SSRF vulnerabilities. By focusing on restricting redirection, the overall attack surface for SSRF is significantly reduced.