(ISC)2 Certified in Cybersecurity Practice Exam

Which of the following methods is effective at preventing replay attacks?

• A. Man-in-the-middle
• B. Full disk encryption
• C. Session tokens
• D. Mobile device management

The correct answer is: Session tokens

Session tokens are an effective method for preventing replay attacks because they serve as unique identifiers for active communication sessions between the client and server. When a session token is issued for a specific session, it becomes valid only for that session duration and often includes a timestamp or a nonce (a number used once) to ensure uniqueness. In the context of a replay attack, an adversary could capture valid data and then retransmit it in an attempt to impersonate a legitimate user. Session tokens can mitigate this risk by requiring each session to have a distinct token, which means that even if a token were to be captured, it would only be valid for that instance and cannot be reused in another session. Additionally, the inclusion of time-sensitive elements (like expiration times) in session tokens makes it difficult for attackers to successfully replay old tokens. To understand this better, let’s consider why the other options are less effective against replay attacks. Man-in-the-middle attacks involve intercepting and possibly altering communications between two parties, but they do not specifically defend against the reuse of captured data. Full disk encryption secures data at rest but does not directly address the threats posed by replay attacks in real-time communications. Mobile device management (MDM) helps in managing devices and enforcing security