
CompTIA CS0-003 Exam - Topic 3 Question 49 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 49
Topic #: 3

While reviewing web server logs, a security analyst found the following line:

Which of the following malicious activities was attempted?

Suggested Answer: D

XSS is a type of web application attack that exploits a vulnerability in a web server or browser to execute malicious scripts or commands on the client side. XSS attackers inject malicious code, such as JavaScript, VBScript, HTML, or CSS, into a web page or application that is viewed by other users. The malicious code can then access or manipulate the user's session, cookies, browser history, or personal information, or perform actions on behalf of the user, such as stealing credentials, redirecting to phishing sites, or installing malware. [1][2]

The line in the web server log shows an example of an XSS attack using VBScript. The attacker tried to insert an <IMG> tag with a malicious SRC attribute that contains VBScript code. The VBScript code is intended to display a message box with the text "test" when the user views the web page or application. This is a simple and harmless example of XSS, but it could be used to test the vulnerability of the web server or browser, or to launch more sophisticated and harmful attacks. [3]
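As an added example (not part of the original page), this Python script shows how an analyst could triage such log lines: it URL-decodes each request target, repeating the decode to catch double encoding, and flags markup that carries a script-scheme URI such as `vbscript:` in a `src`/`href` attribute. The log lines, regexes and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=%3CIMG%20SRC%3D%27vbscript%3Amsgbox(%22test%22)%27%3E HTTP/1.1" 200 512',
    '203.0.113.8 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=%253CIMG%2520SRC%253D%2527vbscript%253Amsgbox(%2522test%2522)%2527%253E HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2023:13:58:40 +0000] "GET /search?q=image+src+attribute HTTP/1.1" 200 1024',
    '198.51.100.9 - - [10/Oct/2023:13:59:02 +0000] "GET /docs?page=vbscript%3A+reference HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that makes a browser run script: a script-scheme URI inside a
# src/href attribute of an injected tag, or an opening <script> tag.
XSS_MARKERS = [
    ("script-scheme URI in attribute",
     re.compile(r"<\w+[^>]*\b(?:src|href)\s*=\s*['\"]?\s*(?:vbscript|javascript)\s*:", re.I)),
    ("script tag", re.compile(r"<\s*script\b", re.I)),
]

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so %253C and %3C both become '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(line):
    """Return (decoded request target, matched marker names) for one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None, []
    target = fully_decode(match.group(1))
    return target, [name for name, rx in XSS_MARKERS if rx.search(target)]

def scan(lines):
    """Keep only the lines where at least one XSS marker matched."""
    return [(target, hits) for target, hits in map(triage, lines) if hits]

if __name__ == "__main__":
    for target, hits in scan(SAMPLE_LOG):
        print(hits, target)
```

The last two sample lines are benign: the words "src" and "vbscript:" appear in the query, but not inside injected markup, so they are not flagged.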


Reiko
1 month ago
D) Cross-site scripting is the best choice. The context fits perfectly.
upvoted 0 times
...
Mira
2 months ago
I feel like A is a possibility, but D is more likely here.
upvoted 0 times
...
Leonida
2 months ago
No way, it's definitely D. The message box indicates XSS.
upvoted 0 times
...
Harris
2 months ago
I was leaning towards A) Command injection. It seems like it could be that too.
upvoted 0 times
...
Adolph
2 months ago
Agreed, D makes sense. The script tag is a giveaway.
upvoted 0 times
...
Lillian
2 months ago
Not so sure about that, could be something else too.
upvoted 0 times
...
Laurel
2 months ago
Totally agree, it's XSS for sure.
upvoted 0 times
...
Pa
3 months ago
I think it's more like command injection.
upvoted 0 times
...
Tequila
3 months ago
D) Cross-site scripting, no doubt. Gotta love those creative hackers and their little tricks.
upvoted 0 times
...
Elmer
3 months ago
I'd go with D) Cross-site scripting on this one. Looks like someone's trying to get a little too creative with their web server logs.
upvoted 0 times
...
Arthur
4 months ago
Haha, someone's trying to pull off a little D) Cross-site scripting action, eh? Classic.
upvoted 0 times
...
Jarod
4 months ago
A) Command injection? Nah, this looks more like a case of D) Cross-site scripting to me.
upvoted 0 times
...
Thomasena
4 months ago
D) Cross-site scripting, definitely. That's a classic XSS attack right there.
upvoted 0 times
...
Maybelle
4 months ago
I practiced a question like this, and I think the answer is definitely A) Command injection, but I could be wrong.
upvoted 0 times
...
Hoa
4 months ago
This looks like a classic case of XSS, but I wonder if it could also be interpreted as something else.
upvoted 0 times
...
Cordie
4 months ago
I'm not entirely sure, but I remember something about command injection being similar.
upvoted 0 times
...
Lonny
5 months ago
Easy one! Cross-site scripting (XSS) all the way. The `vbscript:` prefix is a dead giveaway.
upvoted 0 times
...
Idella
5 months ago
I'm a bit confused here. Isn't command injection more about executing arbitrary system commands? This seems more like a client-side attack.
upvoted 0 times
...
Renato
5 months ago
Definitely going with D) Cross-site scripting. The `msgbox("test")` function call is a classic XSS payload.
upvoted 0 times
...
Jose
5 months ago
I think this might be related to Cross-site scripting since it involves injecting a script.
upvoted 0 times
...
Gene
5 months ago
I think it's D) Cross-site scripting. Looks like an XSS attempt.
upvoted 0 times
...
Mammie
6 months ago
Surprised to see that in logs! Is that really a thing?
upvoted 0 times
...
Lai
6 months ago
That's definitely a cross-site scripting attempt.
upvoted 0 times
...
Janey
6 months ago
I'm not too sure about this one. Could it also be a server-side request forgery (SSRF) attack? The `SRC` attribute seems a bit suspicious.
upvoted 0 times
...
Lili
6 months ago
Hmm, this looks like a cross-site scripting (XSS) attempt. The `vbscript:` prefix is a clear giveaway.
upvoted 0 times
Genevieve
21 days ago
Good catch! XSS can be really damaging.
upvoted 0 times
...
Heike
26 days ago
We need to sanitize inputs better to prevent this.
upvoted 0 times
...
Jerry
1 month ago
I wonder how many sites are vulnerable to this.
upvoted 0 times
...
Francene
1 month ago
Agreed! It's a classic XSS attack.
upvoted 0 times
...
Ozell
5 months ago
Definitely looks like XSS to me. That `vbscript:` is suspicious.
upvoted 0 times
...
...
