GIAC Exam GCIH Topic 5 Question 21 Discussion

Actual exam question for GIAC's GCIH exam

Question #: 21
Topic #: 5

[All GCIH Questions]

John works as a Penetration Tester in a security service providing firm named you-are-secure Inc. Recently, John's company has got a project to test the security of a promotional Website www.missatlanta.com and assigned the pen-testing work to John. When John is performing penetration testing, he inserts the following script in the search box at the company home page:

After pressing the search button, a pop-up box appears on his screen with the text - "Hi, John." Which of the following attacks can be performed on the Web site tested by john while considering the above scenario?

AReplay attack

BCSRF attack

CBuffer overflow attack

DXSS attack

Show Suggested Answer

Suggested Answer: D

by Helga at Jul 03, 2024, 08:58 PM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Darnell

3 hours ago

I agree with Curtis, XSS attack seems to be the most relevant in this scenario. It's a common vulnerability that allows attackers to execute malicious scripts on the victim's browser.

upvoted 0 times

...

Curtis

5 days ago

I think the answer is D) XSS attack because the script injected by John is a classic example of a cross-site scripting attack.

upvoted 0 times

...