ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 17 discussion

Actual exam question from CompTIA's CS0-003
Question #: 17
Topic #: 1
[All CS0-003 Questions]

The security team reviews a web server for XSS and runs the following Nmap scan:

Which of the following most accurately describes the result of the scan?

  • A. An output of characters > and " as the parameters used m the attempt
  • B. The vulnerable parameter ID http://172.31.15.2/1.php?id-2 and unfiltered characters returned
  • C. The vulnerable parameter and unfiltered or encoded characters passed > and " as unsafe
  • D. The vulnerable parameter and characters > and " with a reflected XSS attempt
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by ms123451 at Sept. 3, 2023, 4:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Narobi
Highly Voted 1 year, 5 months ago
Selected Answer: D
I was originally going to go with B, but the syntax of the parameter is incorrect at the end (has id-2 and not id=2) which negated this choice as a potentially valid answer. This would make D the only viable correct answer.
upvoted 8 times
Narobi
1 year, 4 months ago
Syntax is correct on real exam. Still went with D. Scored around 820.
upvoted 18 times
...
...
cy_analyst
Most Recent 6 months, 3 weeks ago
Selected Answer: D
Answer C focuses on identifying the vulnerability and the unsafe handling of characters, but does not go as far as to indicate an active exploit attempt. It’s more about describing the vulnerability itself. Answer D goes further by implying that the unfiltered characters (>, ") are part of a reflected XSS attack, indicating that the vulnerability has been or can be actively exploited.
upvoted 4 times
...
sigmarseifer
11 months, 3 weeks ago
Answer is C *ChatGPT-4o This option accurately describes the issue identified by the scan, which is that the characters > and " are being reflected in the response from the server without proper filtering or encoding. This indicates a potential reflected XSS vulnerability.
upvoted 3 times
...
kumax
1 year, 6 months ago
Selected Answer: D
ChatGPT
upvoted 2 times
...
ms123451
1 year, 8 months ago
Selected Answer: D
it is mentioned that it is reflected in the output
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago