nerdexam
Cisco

350-701 · Question #334

What is a difference between an XSS attack and an SQL injection attack?

The correct answer is C. SQL injection attacks are used to steal information from databases whereas XSS attacks are. SQL injection attacks target databases to manipulate or extract data, while XSS attacks inject malicious scripts into web pages viewed by other users.

Submitted by yasin.bd· Mar 30, 2026

Question

What is a difference between an XSS attack and an SQL injection attack?

Options

  • ASQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist
  • BXSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist
  • CSQL injection attacks are used to steal information from databases whereas XSS attacks are
  • DXSS attacks are used to steal information from databases whereas SQL injection attacks are

How the community answered

(24 responses)
  • A
    4% (1)
  • C
    88% (21)
  • D
    8% (2)

Why each option

SQL injection attacks target databases to manipulate or extract data, while XSS attacks inject malicious scripts into web pages viewed by other users.

ASQL injection is a hacking method used to attack SQL databases, whereas XSS attacks can exist

This statement is incomplete and doesn't fully capture the difference or the nature of XSS.

BXSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist

This incorrectly states that XSS attacks are used to attack SQL databases; XSS targets web application users, not databases directly.

CSQL injection attacks are used to steal information from databases whereas XSS attacks areCorrect

SQL injection attacks specifically exploit vulnerabilities in an application's interaction with a database, allowing attackers to execute arbitrary SQL queries to steal, modify, or delete information from databases. Cross-Site Scripting (XSS) attacks, on the other hand, involve injecting malicious client-side scripts into web pages viewed by other users, typically to hijack sessions, deface websites, or redirect users.

DXSS attacks are used to steal information from databases whereas SQL injection attacks are

This incorrectly states that XSS attacks are primarily used to steal information from databases; XSS targets client-side user sessions and data, not server-side databases.

Concept tested: Differentiating XSS and SQL injection attack types

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/sql-injection

Topics

#XSS attack#SQL injection attack#Web application security#Vulnerability types

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice