Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCIH Exam - Topic 8 Question 47 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 47
Topic #: 8
[All GCIH Questions]

Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft etc. Which of the following types of Cross-Site Scripting attack Ryan intends to do?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Aileen at Nov 20, 2025, 09:25 AM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Oretha
2 months ago
But the scenario fits D) Persistent best. User data at risk.
upvoted 0 times
...
Delila
2 months ago
I feel like B) DOM is relevant too. Manipulates the page.
upvoted 0 times
...
Glory
2 months ago
I lean towards D) Persistent. More damage over time.
upvoted 0 times
...
Kate
2 months ago
Not so sure. Could be A) Non persistent too. Quick attacks.
upvoted 0 times
...
Gaynell
2 months ago
Agreed, D) Persistent makes sense. It's long-term.
upvoted 0 times
...
Kristofer
2 months ago
I think it's D) Persistent. The code stays on the site.
upvoted 0 times
...
Vicky
3 months ago
Not sure about that, but it sounds sketchy.
upvoted 0 times
...
Loise
3 months ago
Wait, can XSS really steal history? That's wild!
upvoted 0 times
...
Muriel
3 months ago
Definitely a persistent attack!
upvoted 0 times
...
Johana
4 months ago
D. Persistent XSS, because who doesn't love a good old-fashioned data breach?
upvoted 0 times
...
Carissa
4 months ago
Hmm, I'd say A. Non-persistent XSS is the classic choice for forum shenanigans.
upvoted 0 times
...
Mickie
4 months ago
B. DOM-based XSS is the most elegant way to hijack those accounts.
upvoted 0 times
...
Craig
4 months ago
Definitely D. Persistent XSS is the way to go for maximum damage.
upvoted 0 times
...
Eliz
4 months ago
I practiced a question similar to this, and I think persistent is the right answer because it involves stored data on the server.
upvoted 0 times
...
Clorinda
4 months ago
I feel like this could be a DOM-based attack too, but I need to double-check how that differs from persistent XSS.
upvoted 0 times
...
Almeta
5 months ago
I'm not entirely sure, but I remember something about non-persistent XSS being more about immediate execution without saving on the server.
upvoted 0 times
...
Cathrine
5 months ago
I think this might be a persistent XSS attack since the code stays on the website and affects multiple users over time.
upvoted 0 times
...
Alberta
5 months ago
Okay, I've got it now. The question is asking about the type of XSS attack, so the answer must be either persistent or DOM-based. I'll go with persistent since the hacker is submitting the code directly.
upvoted 0 times
...
Tuyet
5 months ago
Persistent XSS attacks store the malicious code on the server, so it gets executed every time the page is loaded. That sounds like what's happening here, with the hacker submitting the code to the forum.
upvoted 0 times
...
Jaleesa
5 months ago
Sounds like a persistent XSS attack to me.
upvoted 0 times
...
Alyce
6 months ago
I think it's non-persistent, right?
upvoted 0 times
...
Reiko
6 months ago
B. DOM-based XSS, the hacker's version of a mic drop.
upvoted 0 times
...
Nenita
6 months ago
I'm a bit confused on the difference between persistent and non-persistent XSS attacks. I'll need to review that part of the material before answering.
upvoted 0 times
...
Nathan
6 months ago
I think this is a DOM-based XSS attack, where the malicious code is injected into the website's Document Object Model and executed when the user visits the page.
upvoted 0 times
Brett
30 days ago
Definitely, the injection happens in the DOM.
upvoted 0 times
...
Richelle
1 month ago
Persistent could be a possibility, but DOM fits better.
upvoted 0 times
...
Mickie
1 month ago
Non-persistent seems unlikely here.
upvoted 0 times
...
Hermila
5 months ago
Yeah, the code runs in the user's browser.
upvoted 0 times
...
Lisha
6 months ago
I believe it's a DOM-based XSS attack too.
upvoted 0 times
...
...

Save Cancel