SY0-501 · Question #450
SY0-501 Question #450: Real Exam Question with Answer & Explanation
The correct answer is C: XSS. The attack described, involving client-side manipulation of HTML iframes with JavaScript via a web browser, is characteristic of a Cross-Site Scripting (XSS) attack.
Question
Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?
Options
- ABuffer overflow
- BMITM
- CXSS
- DSQLi
Explanation
The attack described, involving client-side manipulation of HTML iframes with JavaScript via a web browser, is characteristic of a Cross-Site Scripting (XSS) attack.
Common mistakes.
- A. Buffer overflow attacks exploit memory vulnerabilities by writing more data to a buffer than it can hold, corrupting adjacent memory, and are not specific to client-side HTML/JavaScript manipulation.
- B. Man-in-the-Middle (MITM) attacks involve an attacker intercepting and potentially altering communications between two parties, which is different from directly manipulating a client's web browser content with injected scripts.
- D. SQL Injection (SQLi) is a server-side attack where an attacker injects malicious SQL code into input fields to manipulate or retrieve data from a backend database, not a client-side browser attack manipulating HTML iframes.
Concept tested. Cross-Site Scripting (XSS) attack principles
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/xss-attacks-prevention
Community Discussion
No community discussion yet for this question.