350-201(NEW-127Q) · Question #89
350-201(NEW-127Q) Question #89: Real Exam Question with Answer & Explanation
The correct answer is B. A malicious IFRAME is inside the HTML code.. Option B is correct because an IFRAME (Inline Frame) is an HTML element that embeds another webpage inside the current page - attackers abuse this by hiding malicious IFRAMEs (often with width=0, height=0 or display:none) to silently load exploit kits, phishing pages, or drive-by
Question
Options
- AA suspicious redirect occurs to another website with an insecure connection.
- BA malicious IFRAME is inside the HTML code.
- CAn unknown file is downloaded.
- DA CSS script is forcing visitors to click ads and popups.
Explanation
Option B is correct because an IFRAME (Inline Frame) is an HTML element that embeds another webpage inside the current page - attackers abuse this by hiding malicious IFRAMEs (often with width=0, height=0 or display:none) to silently load exploit kits, phishing pages, or drive-by downloads without the user seeing anything suspicious.
Why the distractors are wrong:
- A is wrong because a redirect navigates the user away from the page; an IFRAME loads content within the page invisibly.
- C is wrong because a file download would typically trigger a browser prompt or be visible in network activity - an IFRAME attack is passive and hidden.
- D is wrong because clickjacking/ad-forcing is typically done with transparent overlaid IFRAMEs or CSS pointer tricks, not CSS scripts forcing clicks in the way described.
Memory tip: Think "I-FRAME = Invisible Frame" - malicious IFRAMEs are the attacker's way of smuggling a second, hidden webpage inside a legitimate one. If you see <iframe> in suspicious HTML with zero dimensions or hidden styling, that's the red flag.
Topics
Community Discussion
No community discussion yet for this question.