GlobalCorp, a leading software development company, recently launched a cloud-based CRM application. However, within a week, customers reported unauthorized access incidents. On investigation, it was discovered that the vulnerability was due to improper session management, allowing session fixation attacks. How should GlobalCorp address this vulnerability?
Correct Answer: B
Comprehensive and Detailed Explanation (ECIH-aligned): This scenario involves a session fixation vulnerability, a well-known web application attack where an attacker forces or predicts a session identifier and then tricks a user into authenticating with that session. According to the ECIH web application security module, proper session management is essential to prevent such attacks.

Option B is correct because rotating or regenerating session tokens immediately after successful authentication ensures that any session identifier known to an attacker becomes invalid. This breaks the attack chain inherent in session fixation attacks. ECIH explicitly identifies session regeneration as a primary mitigation control.

Option A helps against automated abuse but does not address session reuse. Option C strengthens authentication but does not prevent session hijacking. Option D improves confidentiality but does not prevent fixation if the same session ID remains valid.

ECIH stresses that authentication and session management must be treated as distinct security controls. Even strong passwords cannot protect against flawed session handling. Therefore, regenerating session tokens post-login is the correct and most effective remediation.
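As an added illustration (not part of the original question or the ECIH material), the following Python sketch contrasts a login handler that keeps the pre-authentication session ID with one that regenerates it; `SessionStore`, `login_vulnerable`, `login_hardened` and the check function are names assumed for this example.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store, constructed for this example."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": username or None}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated id
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, sid, username):
    """Marks the existing session authenticated in place: the id issued
    before login stays valid, which is exactly what fixation relies on."""
    sess = store.get(sid)
    if sess is None:
        return None
    sess["user"] = username
    return sid


def login_hardened(store, sid, username):
    """Regenerates the session id on successful authentication (the control
    the explanation describes): the old id is destroyed, a fresh one issued.
    Unknown ids are never adopted, so a client-supplied id cannot become a session."""
    if store.get(sid) is None:
        return None
    store.destroy(sid)
    new_sid = store.create()
    store.get(new_sid)["user"] = username
    return new_sid


def old_id_still_authenticated(store, old_sid, username):
    """Verification check: does the pre-login id now resolve to an authenticated session?"""
    sess = store.get(old_sid)
    return sess is not None and sess["user"] == username


def demo(login):
    store = SessionStore()
    pre_auth_sid = store.create()  # id issued before authentication
    new_sid = login(store, pre_auth_sid, "alice")
    return old_id_still_authenticated(store, pre_auth_sid, "alice"), new_sid != pre_auth_sid
```

`demo(login_vulnerable)` reports that the pre-login id is now an authenticated session, while `demo(login_hardened)` reports it was invalidated and a new id issued.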