312-50V13 Question #593: Real Exam Question with Answer & Explanation

Question

Consider a hypothetical situation where an attacker, known for his proficiency in SQL Injection attacks, is targeting your web server. This adversary meticulously crafts 'q' malicious SQL queries, each inducing a delay of 'd' seconds in the server response. This delay in response is an indicator of a potential attack. If the total delay, represented by the product 'q*d', crosses a defined threshold 'T', an alert is activated in your security system. Furthermore, it is observed that the attacker prefers prime numbers for 'q', and 'd' follows a pattern in the Fibonacci sequence. Now, consider 'd=13' seconds (a Fibonacci number) and various values of 'q' (a prime number) and 'T'. Which among the following scenarios will most likely trigger an alert?

Options

• Aq=17, T=220: Even though the attacker increases 'q', the total delay ('q*d' = 221 seconds) just
• Bq=13, T=180: In this case, the total delay caused by the attacker ('q*d' = 169 seconds) breaches
• Cq=11, T=150: Here, the total delay induced by the attacker ('q*d' = 143 seconds) does not
• Dq=19, T=260: Despite the attacker's increased effort, the total delay ('q*d' = 247 seconds) does

Explanation

The scenario where 'q=17' and 'd=13' results in a total delay of 221 seconds, which exceeds the threshold 'T=220', will most likely trigger an alert.

Common mistakes.

• B. For q=13, T=180, the total delay is 13 * 13 = 169 seconds. This delay (169) does not breach the threshold (180), so an alert would not be triggered.
• C. For q=11, T=150, the total delay is 11 * 13 = 143 seconds. This delay (143) does not breach the threshold (150), so an alert would not be triggered.
• D. For q=19, T=260, the total delay is 19 * 13 = 247 seconds. This delay (247) does not breach the threshold (260), so an alert would not be triggered.

Concept tested. SQL injection time-based detection logic

No community discussion yet for this question.