CompTIA Security+ (SY0-501) — Question 305

Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

Answer options

• A. Buffer overflow
• B. MITM
• C. XSS
• D. SQLi

Correct answer: C

Explanation

The correct answer is C (XSS), which refers to Cross-Site Scripting, a method where attackers inject malicious scripts into content from otherwise trusted websites. A (Buffer overflow) is a vulnerability related to memory management, B (MITM) refers to Man-in-the-Middle attacks that intercept communications, and D (SQLi) involves injecting malicious SQL queries into a database, none of which specifically pertain to manipulating HTML iframes via JavaScript.