CERTIFIED-IN-CYBERSECURITY · Question #175
CERTIFIED-IN-CYBERSECURITY Question #175: Real Exam Question with Answer & Explanation
The correct answer is A: Cross-Site Scripting. Cross-Site Scripting (XSS) is an attack where malicious executable scripts are injected into an otherwise benign website (or web application) code. Websites are vulnerable to XSS when they display data originating from requests or forms without validating it (and further sanitizi
Question
Which of these attacks take advantage of inadequate input validation in websites?
Options
- ACross-Site Scripting
- BRootkits
- CTrojans
- DPhishing
Explanation
Cross-Site Scripting (XSS) is an attack where malicious executable scripts are injected into an otherwise benign website (or web application) code. Websites are vulnerable to XSS when they display data originating from requests or forms without validating it (and further sanitizing it, so that it is not executable) (see ISC2 Study Guide, chapter 4, module 2). Trojans and phishing are attacks where software applications and messages try to appear legitimate, but have hidden malicious functions. They do not necessarily rely on poor input validations. Finally, input validation does not even apply to a rootkit attack.
Topics
Community Discussion
No community discussion yet for this question.