CompTIA CySA+ Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the CySA+ Exam with our comprehensive test. Study using flashcards and multiple-choice questions that include hints and explanations to ensure your success. Get exam-ready today!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What type of attack is indicated by unauthorized pop-up messages asking for user credentials on a website?

  1. SQL injection

  2. Cross-site scripting

  3. Cross-site request forgery

  4. Rootkit

The correct answer is: Cross-site scripting

The type of attack indicated by unauthorized pop-up messages asking for user credentials on a website is an example of cross-site scripting (XSS). In this type of attack, malicious scripts are injected into trusted websites, which can execute in the context of a user's browser and potentially steal sensitive information such as login credentials. When a website is vulnerable to XSS, an attacker can exploit it by embedding unauthorized scripts that generate pop-ups, manipulate content, or redirect users to fraudulent pages. This deceptive method can trick users into providing personal information under the guise of a legitimate request, as the prompt appears to come from a reputable source. In contrast, the other options refer to different types of attacks. SQL injection involves inserting malicious SQL code into a query to manipulate databases, cross-site request forgery tricks the user into executing unwanted actions on a web application where they are authenticated, and rootkits are used to gain unauthorized root access to systems while remaining hidden. Each of these attack types has distinct characteristics and objectives that differentiate them from XSS.

More Questions Like This