312-50V13 · Question #487
312-50V13 Question #487: Real Exam Question with Answer & Explanation
Sign in or unlock 312-50V13 to reveal the answer and full explanation for question #487. The question stem and answer options stay visible for context.
Question
An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?
Options
- ATry to disable the CSP to bypass script restrictions
- BInject a benign script inline to the form to see if it executes
- CUtilize a script hosted on the application's domain to test the form
- DLoad a script from an external domain to test the vulnerability
Unlock 312-50V13 to see the answer
You've previewed enough free 312-50V13 questions. Unlock 312-50V13 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.