GCIA Question #35: Real Exam Question with Answer & Explanation
The correct answers are A, B, and D:
- A. Use a Web proxy to view the Web server transactions in real time and investigate any communication
- B. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL
- D. Look at the Web server's logs and normal traffic logging.

XSS forensic investigation uses web proxies, server logs, and email source review to trace injected scripts; raw packet capture via Wireshark is insufficient for encrypted application-layer analysis.
Question
Options
- A. Use a Web proxy to view the Web server transactions in real time and investigate any communication
- B. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL
- C. Use Wireshark to capture traffic going to the server and then search for the requests going to the
- D. Look at the Web server's logs and normal traffic logging.
Explanation
XSS forensic investigation uses web proxies, server logs, and email source review to trace injected scripts; raw packet capture via Wireshark is insufficient for encrypted application-layer analysis.
Common mistakes.
- C. Wireshark operates at the network packet level and cannot decrypt HTTPS traffic without additional configuration, so it cannot read application-layer XSS payloads in encrypted web transactions, a significant limitation for web attack forensics.
Concept tested. Cross-site scripting forensic investigation methods
Reference. https://owasp.org/www-community/attacks/xss/