EC-Council

312-50V13 · Question #246

312-50V13 Question #246: Real Exam Question with Answer & Explanation

The correct answer is D: Time-based and boolean-based.

Submitted by parkjh · Mar 6, 2026 · SQL Injection

Question

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for?

Options

  • A. Out of band and boolean-based
  • B. Time-based and union-based
  • C. Union-based and error-based
  • D. Time-based and boolean-based

Explanation

SQL Injection Types Explanation

Option D (Time-based and boolean-based) is correct because Jane needs two specific capabilities: time-based blind SQL injection measures database response delays (e.g., using SLEEP() or WAITFOR DELAY) to infer true/false conditions based on how long the server takes to respond, while boolean-based blind SQL injection uses a secondary query that forces the database to return a true or false result (e.g., AND 1=1 vs AND 1=2) to extract information about user IDs.

Why the distractors are wrong:

  • Option A is incorrect because out-of-band injection relies on separate network channels (like DNS/HTTP requests) to exfiltrate data, which doesn't align with testing response times or true/false logic
  • Option B is incorrect because union-based injection appends additional SELECT statements to retrieve direct data output - it doesn't test timing or boolean conditions in the blind sense Jane requires
  • Option C is incorrect because error-based injection deliberately triggers database error messages to extract data, and union-based doesn't address timing or boolean responses

💡 Memory Tip

Think "T-B = Time & Boolean" - Time measures the wait, Boolean measures the weight (true/false). Together they form the two pillars of blind SQL injection, which is what Jane is testing.

Topics

#SQL Injection · #Time-based SQL Injection · #Boolean-based SQL Injection
