Computer Hacking Forensic Investigator (CHFI) — Question 48

During an investigation of an XSS attack, the investigator comes across the term "[a-zA-Z0-9\%]+" in analyzed evidence details. What is the expression used for?

Answer options

• A. Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation
• B. Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent
• C. Checks for opening angle bracket, its hex or double-encoded hex equivalent
• D. Checks for closing angle bracket, hex or double-encoded hex equivalent

Correct answer: B

Explanation

The correct answer, B, is accurate because the expression '[a-zA-Z0-9\%]+' is designed to identify alphanumeric characters and the percent sign, which is commonly used in encoding. The other options refer to different aspects of HTML tags that are not relevant to this specific expression.