312-50V10 · Question #897
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the d
The correct answer is A. Out of band and boolean-based. WARNING - The stated correct answer A (Out-of-band and boolean-based) appears to be INCORRECT based on the scenario. The scenario describes two distinct techniques: (1) 'test the response time of a true or false response' - this is Time-based blind SQL injection, which uses datab
Question
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?
Options
- AOut of band and boolean-based
- BTime-based and union-based
- Cunion-based and error-based
- DTime-based and boolean-based
How the community answered
(29 responses)- A83% (24)
- B3% (1)
- C3% (1)
- D10% (3)
Explanation
WARNING - The stated correct answer A (Out-of-band and boolean-based) appears to be INCORRECT based on the scenario. The scenario describes two distinct techniques: (1) 'test the response time of a true or false response' - this is Time-based blind SQL injection, which uses database delay functions such as SLEEP() or WAITFOR DELAY to infer true/false outcomes from how long the server takes to respond; and (2) 'use a second command to determine whether the database will return true or false results for user IDs' - this is Boolean-based blind SQL injection, which uses conditional logic to return different observable responses for true vs. false conditions. This matches option D (Time-based and boolean-based), which is the technically correct answer. Out-of-band SQL injection exfiltrates data through a separate network channel (DNS queries, HTTP requests) and is not described in this scenario. This appears to be an error in the provided answer key - the correct answer should be D.
Topics
Community Discussion
No community discussion yet for this question.