Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 596

What is a difference between an XSS attack and an SQL injection attack?

Answer options

• A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications.
• B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
• C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
• D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.

Correct answer: D

Explanation

The correct answer, D, accurately describes that SQL injection is used to steal information from databases, while XSS attacks focus on redirecting users to malicious sites for data theft. Options A and C incorrectly describe the nature and targets of XSS and SQL injection, and option B misrepresents the functions of both attack types.