Prepare for the CompTIA PenTest+ Exam. Study with flashcards and multiple choice questions; each comes with hints and explanations. Get ready for your certification!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which term describes scripts that run after a legitimate request is made to a server, reflecting the malicious script back to the victim?

  1. Stored XSS attack

  2. Reflected XSS attack

  3. DOM-based XSS attack

  4. Distributed XSS attack

The correct answer is: Reflected XSS attack

A reflected XSS attack is the term for scripts that run after a legitimate request is made to a server, which then reflects the malicious script back to the victim. The attacker manipulates a URL or a form field so that, when the victim clicks the crafted link, the server processes the request and reflects the malicious script back to the user's browser within the response. Because the script executes in the victim's browser, it can potentially steal cookies, session tokens, or other sensitive information.

In contrast, a stored XSS attack involves the malicious script being stored on the server (such as in a database) and then served to victims when they access a particular page, making it more persistent than reflected attacks. A DOM-based XSS attack focuses on modifications made to the Document Object Model (DOM) in the client's browser rather than relying on server responses for execution. "Distributed XSS attack" is not a widely recognized term among XSS attack types; it suggests a coordinated approach and does not conform to the standard terminology used in the field.