Certified Cloud Security Professional (CCSP) — Question 4

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user's valid credentials?

Answer options

• A. Injection
• B. Missing function-level access control
• C. Cross-site scripting
• D. Cross-site request forgery

Correct answer: C

Explanation

The correct answer is C, Cross-site scripting, as it specifically refers to the exploitation of web applications by injecting malicious scripts through the user's browser. Options A and D, while related to web security, do not directly involve executing scripts via the user's browser in the same manner. Option B, Missing function-level access control, pertains to authorization issues and does not involve the execution of untrusted data.