Which technique overlays a legitimate page on top and uses an invisible iframe with a higher z-index?


Multiple Choice

Which technique overlays a legitimate page on top and uses an invisible iframe with a higher z-index?

Explanation:
The answer is clickjacking, carried out through a transparent, layered overlay. In this technique, a legitimate page is shown to the user, but an invisible iframe is placed on top with a higher z-index. The user interacts with the overlay, while the real actions are actually performed by the hidden page underneath. The result is that clicks or inputs appear to land on the visible page, but they affect the behind-the-scenes page or controls, enabling actions the user did not intend.

This approach relies on the overlay being transparent or nearly so, and on positioning it to cover the target UI element. Defenses include response headers that prevent embedding, such as X-Frame-Options or the Content-Security-Policy frame-ancestors directive, frame-busting techniques, and requiring explicit user confirmation for sensitive actions.

The other options describe unrelated concepts: cropping involves altering an image, DNS interrogation is about gathering domain information, and WAFW00F is a tool for fingerprinting web application firewalls.

