350-701 Question #401: Real Exam Question with Answer & Explanation
The correct answer is D: cross-site scripting.
Question
Which method of attack is used by a hacker to send malicious code through a web application to an unsuspecting user to request that the victim's web browser executes the code?
Options
- A. buffer overflow
- B. browser WGET
- C. SQL injection
- D. cross-site scripting
Explanation
Cross-site scripting (XSS) is correct because it is precisely the technique where an attacker injects malicious client-side scripts (typically JavaScript) into a trusted web application, which then delivers that script to other users' browsers - the browser executes it thinking it came from a trusted source.
Why the distractors are wrong:
- A. Buffer overflow - exploits memory allocation in applications/OS processes; it doesn't involve injecting code through a web app to another user's browser.
- B. Browser WGET - not a real attack category; `wget` is a legitimate command-line download utility, not a hacking method.
- C. SQL injection - targets the database backend by inserting malicious SQL statements; the victim is the server/database, not another end user's browser.
Memory tip: Think of the name literally - the script crosses sites, traveling from the attacker → web server → victim's browser. If the attack flows toward the database, think SQL injection; if it flows toward another user's browser, think XSS.