Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 61

What is the difference between Cross-site Scripting and SQL Injection attacks?

Answer options

• A. Cross-site Scripting is when executives in a corporation are attacked, whereas SQL Injection is when a database is manipulated.
• B. Cross-site Scripting is an attack where code is executed from the server side, whereas SQL Injection is an attack where code is executed from the client side.
• C. Cross-site Scripting is a brute force attack targeting remote sites, whereas SQL Injection is a social engineering attack.
• D. Cross-site Scripting is an attack where code is injected into a database, whereas SQL Injection is an attack where code is injected into a browser.

Correct answer: B

Explanation

The correct answer is B because Cross-site Scripting (XSS) executes malicious scripts in a user's browser (client side), while SQL Injection targets the database by manipulating SQL queries (server side). The other options incorrectly describe the nature of these attacks, mixing up their targets and methods.