CompTIA Security+ (SY0-501) — Question 127

Which of the following is a major difference between XSS attacks and remote code exploits?

Answer options

• A. XSS attacks use machine language, while remote exploits use interpreted language
• B. XSS attacks target servers, while remote code exploits target clients
• C. Remote code exploits aim to escalate attackers' privileges, while XSS attacks aim to gain access only
• D. Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work

Correct answer: C

Explanation

The correct answer is C because remote code exploits are designed to enhance the attacker's privileges on the system, while XSS attacks primarily aim to capture session information or perform actions on behalf of users without escalating privileges. The other options incorrectly describe the nature and targets of XSS attacks and remote code exploits.