Which term describes a malicious script designed to run in a user's browser by exploiting trusted sites, often delivered via a link or on a compromised site?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes a malicious script designed to run in a user's browser by exploiting trusted sites, often delivered via a link or on a compromised site?

Explanation:
Cross-site scripting involves injecting and running malicious scripts in a victim’s browser, taking advantage of the trust a user places in a legitimate site. Because the code executes within the context of that trusted site, it can access sensitive data like cookies or session tokens and can perform actions on behalf of the user, often triggered when the user clicks a link or visits a compromised page. This description fits perfectly: a malicious script designed to run in a user’s browser by exploiting trusted sites and delivered via a link or on a compromised site.

SQL injection targets the server side by manipulating database queries through input fields, not by running code in the user's browser. Phishing relies on social engineering to lure users into revealing credentials rather than executing scripts in their browser. Malicious link injection isn’t a standard, precise term for this kind of browser-executed attack; cross-site scripting is the established term and concept. To reduce risk, defenses include input sanitization and output encoding, a Content Security Policy, and secure handling of cookies (like HttpOnly) to limit what an injected script can access.
