Certified Cloud Security Professional (CCSP) — Question 139

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

Answer options

• A. Missing function level access control
• B. Cross-site scripting
• C. Cross-site request forgery
• D. Injection

Correct answer: B

Explanation

The correct answer is B, Cross-site scripting, which involves executing malicious scripts in a user's browser with their credentials. Option A, missing function level access control, relates to authorization issues, while C, cross-site request forgery, involves tricking a user into executing unwanted actions on a web application. D, injection, pertains to inserting malicious code into a program or system.