350-701 Question #743: Real Exam Question with Answer & Explanation
The correct answer is B: SQL injection modifies SQL queries, and XSS cloaks by encoding tags. SQL injection attacks modify database queries, while Cross-Site Scripting (XSS) attacks inject malicious client-side scripts into web pages, often bypassing sanitization by encoding tags.
Question
What is a difference between an SQL injection and a cross-site scripting attack?
Options
- A. SQL injection intercepts user information, and XSS causes false or unpredictable results.
- B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.
- C. SQL injection detects environments, and XSS cloaks by encoding tags.
- D. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder.
Explanation
SQL injection attacks modify database queries, while Cross-Site Scripting (XSS) attacks inject malicious client-side scripts into web pages, often bypassing sanitization by encoding tags.
Common mistakes.
- A. While both attacks can lead to user information compromise, the description 'intercepts user information' for SQLi and 'causes false or unpredictable results' for XSS does not accurately describe their fundamental technical difference in attack mechanism.
- C. 'SQL injection detects environments' is an inaccurate description of SQL injection; its primary purpose is data manipulation or extraction through query modification. 'XSS cloaks by encoding tags' is partially correct for XSS but paired with an incorrect SQLi description.
- D. XSS attacks manipulate the client-side browser context and do not typically grant access to server-side files beyond the web root; this type of access is generally associated with directory traversal or other server-side vulnerabilities.
Concept tested. SQL injection vs. XSS attack mechanisms
Reference. https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html