nerdexam
EC-Council

312-50V10 · Question #897

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the d

The correct answer is A. Out of band and boolean-based. WARNING - The stated correct answer A (Out-of-band and boolean-based) appears to be INCORRECT based on the scenario. The scenario describes two distinct techniques: (1) 'test the response time of a true or false response' - this is Time-based blind SQL injection, which uses datab

SQL Injection

Question

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

Options

  • AOut of band and boolean-based
  • BTime-based and union-based
  • Cunion-based and error-based
  • DTime-based and boolean-based

How the community answered

(29 responses)
  • A
    83% (24)
  • B
    3% (1)
  • C
    3% (1)
  • D
    10% (3)

Explanation

WARNING - The stated correct answer A (Out-of-band and boolean-based) appears to be INCORRECT based on the scenario. The scenario describes two distinct techniques: (1) 'test the response time of a true or false response' - this is Time-based blind SQL injection, which uses database delay functions such as SLEEP() or WAITFOR DELAY to infer true/false outcomes from how long the server takes to respond; and (2) 'use a second command to determine whether the database will return true or false results for user IDs' - this is Boolean-based blind SQL injection, which uses conditional logic to return different observable responses for true vs. false conditions. This matches option D (Time-based and boolean-based), which is the technically correct answer. Out-of-band SQL injection exfiltrates data through a separate network channel (DNS queries, HTTP requests) and is not described in this scenario. This appears to be an error in the provided answer key - the correct answer should be D.

Topics

#SQL injection types#time-based injection#boolean-based injection#blind SQL injection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice