Which of the following terms represent types of cross-site scripting attacks? (Choose two.)

The correct answer identifies two significant types of cross-site scripting (XSS) attacks: stored and reflected XSS.

Stored XSS occurs when malicious scripts are injected directly into a web application’s database or server. When a user retrieves the compromised data, the script runs automatically in their browser, allowing the attacker to execute actions as if they were that user. This type of attack can have long-lasting effects, as the script remains on the server and can affect multiple users over time.

Reflected XSS, on the other hand, involves the immediate execution of the malicious script reflected off the web server in response to an active HTTP request. This type of attack does not persist on the server; instead, the attacker must trick a user into clicking a link that contains the script, leading to the execution of the script in the user's browser. It typically targets users on a one-time basis, focusing more on immediate exploitation.

Understanding these two types is vital for developing effective security measures to prevent XSS attacks, as both methods exploit the trust that users have in a web application. The other choices, while they may relate to web security in general, do not represent recognized types of cross-site scripting attacks.