Prepare for the CompTIA PenTest+ Exam. Study with flashcards and multiple choice questions; each comes with hints and explanations. Get ready for your certification!

Each practice test/flashcard set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which attack injects malicious code or links into a website's data that remains stored on the server?

  1. Cross-site scripting (XSS) attack

  2. Persistent XSS attack

  3. Reflected XSS attack

  4. DOM-based XSS attack

The correct answer is: Persistent XSS attack

A persistent XSS attack injects malicious code or links directly into a website's data, which then remains stored on the server. It occurs when an attacker submits a malicious script to a web application, the application saves it in its database, and the script is subsequently delivered to users who load that data from the server. The key distinction is that persistent XSS has a lasting effect: the injected code is stored on the server and can execute whenever a user accesses the compromised page.

This contrasts with reflected XSS, where the malicious script is included in the request and executed immediately without being stored, and with DOM-based XSS, which modifies the Document Object Model in the browser on the fly without server-side storage. These differences are why persistent XSS is a more serious threat: it can affect multiple users and persist over time, giving attackers more opportunities to exploit innocent users visiting the site.