312-50V13 · Question #551
312-50V13 Question #551: Real Exam Question with Answer & Explanation
The correct answer is B: Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) is a web application attack where attackers inject malicious client-side scripts into web pages, which are then executed in the browsers of other unsuspecting users.
Question
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
Options
- ASQL injection attack
- BCross-Site Scripting (XSS)
- CLDAP Injection attack
- DCross-Site Request Forgery (CSRF)
Explanation
Cross-Site Scripting (XSS) is a web application attack where attackers inject malicious client-side scripts into web pages, which are then executed in the browsers of other unsuspecting users.
Common mistakes.
- A. SQL injection attacks target databases by inserting malicious SQL code into input fields to manipulate or extract data.
- C. LDAP Injection attacks involve manipulating LDAP statements to query or modify LDAP directory services.
- D. Cross-Site Request Forgery (CSRF) attacks trick authenticated users into unwittingly executing unwanted actions on a web application by forging requests.
Concept tested. Cross-Site Scripting (XSS) attack
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/xss-vulnerabilities
Topics
Community Discussion
No community discussion yet for this question.