312-50V12 · Question #263
312-50V12 Question #263: Real Exam Question with Answer & Explanation
Sign in or unlock 312-50V12 to reveal the answer and full explanation for question #263. The question stem and answer options stay visible for context.
Question
An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?
Options
- AUtilize a script hosted on the application's domain to test the form
- BTry to disable the CSP to bypass script restrictions
- CInject a benign script inline to the form to see if it executes
- DLoad a script from an external domain to test the vulnerability
Unlock 312-50V12 to see the answer
You've previewed enough free 312-50V12 questions. Unlock 312-50V12 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.