CREST Practitioner Security Analyst (CPSA) Practice


Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which type of XSS is characterized by not storing the attacker's script in the backend?

  1. Persistent XSS

  2. Reflected XSS

  3. Non-Persistent XSS

  4. Stored XSS

The correct answer is: Non-Persistent XSS

Reflected XSS, also known as Non-Persistent XSS, is characterized by the attacker's script not being stored on the server side. Instead, the script is delivered to the victim in real time, often via a URL. When a user clicks on a malicious link, the code is executed immediately, exploiting a vulnerability in the web application's handling of input; nothing has to be stored first. The attack relies on the user being tricked into clicking a link that carries the malicious script, which the server then includes in its response, allowing it to run in the user's browser context. Because the injected script does not persist in the server's database or any other storage mechanism, the attack is non-persistent.

Understanding this distinction is crucial for security analysis, as it highlights the immediate risk posed by such attacks, even though they may not involve stored data. It also helps practitioners focus on the right mitigation strategies to minimize XSS vulnerabilities effectively.