CompTIA PenTest+ (PT0-003) — Question 152
During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:
?/<sCRitP>aLeRt("pwned")</ScriPt>
Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?
Answer options
- A. Arbitrary code execution; the affected computer should be placed on a perimeter network
- B. SQL injection attack; should be detected and prevented by a web application firewall
- C. Cross-site request forgery; should be detected and prevented by a firewall
- D. XSS obfuscated; should be prevented by input sanitization
Correct answer: D
Explanation
The correct answer is D because the payload is an obfuscated XSS (Cross-Site Scripting) attack: it uses mixed-case letters to disguise a script tag that is injected into a web page viewed by users, and input sanitization is the countermeasure that addresses it. The other options are incorrect because they describe different types of attacks or countermeasures that do not address the XSS vulnerability.