New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA SY0-701 Exam - Topic 1 Question 36 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 36
Topic #: 1
[All SY0-701 Questions]

While reviewing logs, a security administrator identifies the following code:

Which of the following best describes the vulnerability being exploited?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Inocencia at Mar 22, 2025, 01:08 AM

Limited Time Offer

25%

Off

Get Premium SY0-701 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rasheeda
2 months ago
CSRF could be a possibility, but XSS fits better.
upvoted 0 times
...
Lynsey
2 months ago
Wait, is this really XSS? Seems too simple.
upvoted 0 times
...
Fredric
2 months ago
I thought it might be SQLi at first.
upvoted 0 times
...
Franklyn
3 months ago
Looks like classic XSS to me.
upvoted 0 times
...
Twana
3 months ago
Definitely XSS, no doubt about it!
upvoted 0 times
...
Donte
3 months ago
DDoS seems unlikely here, but I guess CSRF could be a possibility. Still, I lean towards XSS based on what I studied.
upvoted 0 times
...
Veronika
3 months ago
I'm a bit confused; could this also be SQLi? I recall something about injecting code, but I don't remember the specifics.
upvoted 0 times
...
Ronnie
4 months ago
I remember practicing a question about XSS vulnerabilities, and it had a similar code snippet. I feel like A is the right choice.
upvoted 0 times
...
Linsey
4 months ago
I think this might be related to XSS since it involves a script tag, but I'm not entirely sure.
upvoted 0 times
...
Shawnna
4 months ago
I think the best approach here is to carefully analyze the code and consider the potential vulnerabilities that could be exploited. XSS and SQL injection are both good possibilities, but I'll need to dig deeper to determine the most likely scenario.
upvoted 0 times
...
Caitlin
4 months ago
DDoS? Really? I don't see anything in this code that would indicate a DDoS vulnerability. That's not the right answer here. I'm going to focus on the more likely possibilities of XSS or SQL injection.
upvoted 0 times
...
Rodolfo
4 months ago
Okay, I've got this. The function `send_info()` is probably being used to send data to the server, which could potentially be vulnerable to SQL injection if the input is not properly sanitized. I'll make sure to check for that.
upvoted 0 times
...
Ruthann
5 months ago
Hmm, I'm not sure about this one. The code snippet is pretty short, so it's hard to tell exactly what's going on. I'll need to think it through carefully and consider the other options before making a decision.
upvoted 0 times
...
Cheryl
5 months ago
This looks like a classic XSS vulnerability. The function `send_info()` is likely being used to execute arbitrary JavaScript code, which could allow an attacker to steal sensitive information or perform other malicious actions.
upvoted 0 times
...
Buck
10 months ago
You know, I bet the developers were just trying to 'send_info' in the most efficient way possible. Efficiency at its finest, amirite?
upvoted 0 times
Carma
9 months ago
B) SQLi
upvoted 0 times
...
Tracey
10 months ago
A) XSS
upvoted 0 times
...
...
Sanda
10 months ago
CSRF? Nah, that doesn't make sense. Gotta be XSS, my dude. Straight up web injection shenanigans.
upvoted 0 times
...
Leslie
11 months ago
DDoS? Really? That's a bit of a stretch, don't you think? This is clearly an XSS vulnerability.
upvoted 0 times
...
Julio
11 months ago
I think it could also be CSRF, as it involves unauthorized actions being performed on behalf of the user.
upvoted 0 times
...
Shawna
11 months ago
But the code looks like it's trying to send information, which is more characteristic of XSS.
upvoted 0 times
...
Mary
11 months ago
I disagree, I believe it's SQLi.
upvoted 0 times
...
Elizabeth
11 months ago
Hmm, I'm not sure. Could it be SQLi too? That function name seems a bit suspicious.
upvoted 0 times
Veda
10 months ago
User 3: Yeah, XSS makes sense. It's important to be cautious with any suspicious code.
upvoted 0 times
...
Teddy
10 months ago
User 2: Oh, I see. Thanks for clarifying. I'll keep that in mind.
upvoted 0 times
...
Iluminada
10 months ago
User 1: It's actually XSS, not SQLi. That function could be used to inject malicious scripts.
upvoted 0 times
...
...
Shawna
11 months ago
I think the vulnerability being exploited is XSS.
upvoted 0 times
...
Goldie
11 months ago
Definitely XSS, that code looks like it's trying to run something shady in the browser.
upvoted 0 times
Vinnie
11 months ago
User 3: It's important to always sanitize user input to prevent XSS attacks.
upvoted 0 times
...
Chantell
11 months ago
User 2: XSS is a common vulnerability that attackers use to run malicious scripts.
upvoted 0 times
...
Nakisha
11 months ago
User 1: I agree, that code definitely looks like it's trying to execute something in the browser.
upvoted 0 times
...
...

Save Cancel