ISC2 Exam CAP Topic 8 Question 78 Discussion

Actual exam question for ISC2's CAP exam

Question #: 78
Topic #: 8

[All CAP Questions]

The application is vulnerable to Cross-Site Scripting. Which of the following exploitation is NOT possible at all?

ASteal the user's session identifier stored on a non HttpOnly cookie

BSteal the contents from the web page

CSteal the contents from the application's database

DSteal the contents from the user's keystrokes using keyloggers

Show Suggested Answer

Suggested Answer: A

by Georgene at Jan 27, 2024, 09:18 AM

Limited Time Offer

25%

Off

Get Premium CAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Franchesca

7 days ago

I also believe option D is the correct answer. Cross-Site Scripting focuses on manipulating the web page, not capturing keystrokes.

upvoted 0 times

...

Alease

8 days ago

I agree with Paz. Keyloggers require access to the user's device, which is not related to Cross-Site Scripting.

upvoted 0 times

...

Levi

9 days ago

D) Stealing user keystrokes with keyloggers is definitely not possible with XSS. That's a completely different attack vector.

upvoted 0 times

...

Paz

10 days ago

I think option D is NOT possible because keyloggers can't be used in this scenario.

upvoted 0 times

...

Clare

12 days ago

I also believe option D is the correct answer. Keyloggers are a separate issue.

upvoted 0 times

...

Cheryl

13 days ago

I agree with Merri. Keyloggers are not related to Cross-Site Scripting.

upvoted 0 times

...

Therese

15 days ago

C) Stealing contents from the application's database is not possible with XSS. That's more of a SQL injection attack.

upvoted 0 times

...

Merri

20 days ago

I think option D is NOT possible because it involves keyloggers.

upvoted 0 times

...