Medium · 1 mark · Multiple Choice
CPA · Question 40 · Area II: Security
A web application allows users to input text into a comment field. A malicious user enters a script that executes in the browsers of other users viewing the comment. This is known as:
Answer options:
A. SQL Injection
B. Cross-Site Scripting (XSS)
C. Buffer Overflow
D. Denial of Service
How to approach this question
Keywords: 'script', 'browser', 'other users'.
Full Answer
B. Cross-Site Scripting (XSS) ✓ Correct
Cross-Site Scripting (XSS) occurs when an application includes untrusted data in a web page without proper validation, allowing scripts to execute in the victim's browser.
Common mistakes
Confusing XSS with SQL Injection (which targets the server/database).