Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 613

What is a difference between an SQL injection and a cross-site scripting attack?

Answer options

• A. SQL injection intercepts user information, and XSS causes false or unpredictable results.
• B. SQL injection modifies SQL queries, and XSS cloaks by encoding tags.
• C. SQL injection detects environments, and XSS cloaks by encoding tags.
• D. SQL injection modifies SQL queries, and XSS allows access to files beyond the root folder.

Correct answer: B

Explanation

The correct answer, B, accurately describes that SQL injection modifies SQL queries to manipulate databases, while XSS uses encoding to hide malicious scripts within HTML tags. The other options either misrepresent the nature of the attacks or provide inaccurate details about their functions.