ユーザーが特別に用意された悪意のある Web サイトにアクセスしたときに、ハッカーがユーザーのコンピューター上でコードを実行するために使用できる攻撃は次のどれですか。
正解:C
Cross-site scripting (XSS) (Option C) allows attackers to inject malicious scripts into web pages viewed by users. When the user visits the compromised site, the script runs in the user's browser, potentially allowing the attacker to steal data or perform unauthorized actions. XSS is a common vulnerability in web applications that allows code execution. * DoS (Option A) disrupts services but doesn't involve executing code on a user's device. * Spoofing (Option B) involves impersonating another device or user but doesn't execute code. * SQL injection (Option D) attacks a database and is unrelated to executing code on the user's computer. CompTIA A+ Core 2 References: * 2.4 - Explain common social engineering attacks, including XSS.