Prepare for the CompTIA PenTest+ Exam with our comprehensive materials. Test your knowledge with flashcards and multiple-choice questions, complete with explanations and hints. Achieve exam success!


In which type of XSS attack does the malicious script not persist on the server?

  1. Persistent XSS attack

  2. Reflected XSS attack

  3. DOM-based XSS attack

  4. Stored XSS attack

The correct answer is: Reflected XSS attack

In a reflected XSS attack, the malicious script is injected into a web application through user input and is reflected back to the user's browser immediately, without being stored on the server. This type of attack exploits the trust a user has in a legitimate website and often occurs via URLs or HTTP requests, where the malicious payload is included as part of the request sent to the server. When the server processes this request, it includes the malicious script in the response, and the browser executes the script in the context of the user’s session. The script does not remain on the server after the response is sent; it is a one-time execution based on a specific request.

In contrast, persistent and stored XSS attacks involve scripts that are permanently stored on the server and can affect any user accessing the compromised content. DOM-based XSS manipulates the Document Object Model (DOM) in the user's browser and could behave similarly to reflected XSS by not being stored, but the defining factor remains that reflected XSS results from direct input without server-side persistence after the fact.