CompTIA Security+ (SY0-501) — Question 97
Which of the following is the main difference between an XSS vulnerability and a CSRF vulnerability?
Answer options
- A. XSS needs the attacker to be authenticated to the trusted server.
- B. XSS does not need the victim to be authenticated to the trusted server.
- C. CSRF needs the victim to be authenticated to the trusted server.
- D. CSRF does not need the victim to be authenticated to the trusted server.
- E. CSRF does not need the attacker to be authenticated to the trusted server.
Correct answer: B, C
Explanation
Option B is correct because an XSS attack can occur without the victim being authenticated to the trusted server, and option C is correct because a CSRF attack requires the victim to be authenticated to it. Options A and E are incorrect because they misrepresent what is required of the attacker in the two types of vulnerability. Option D is incorrect because it contradicts the authentication requirement for CSRF.