EC-Council
412-79V10 Question #201: Real Exam Question with Answer & Explanation
Question
Black-box testing is a method of software testing that examines the functionality of an application (i.e., what the software does) without looking into its internal structures or workings. It is used to detect SQL injection, XSS and other injection vulnerabilities. Most commonly, SQL injection vulnerabilities result from insecure coding during the implementation/development phase and will likely require code changes, so pen testers need to perform this testing during the development phase to find and fix them. What can a pen tester do to detect input sanitization issues?
Options
- A. Send single quotes as the input data to catch instances where the user input is not sanitized
- B. Send double quotes as the input data to catch instances where the user input is not sanitized
- C. Send long strings of junk data, just as you would send strings to detect buffer overruns
- D. Send a SQL escape character (the '?' character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization
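The reasoning behind the probes above is that a single quote closes the string literal the application wraps the input in, so an unsanitized concatenation turns into a malformed statement and the database throws a syntax error; the other inputs stay inside the literal and change nothing. The script below is an added example, not part of the exam question or its official explanation. It builds a constructed in-memory SQLite table, runs each of the four probes through a deliberately vulnerable lookup and a parameterized one, and records which probe produces a database error; it then confirms the finding with the classic `' OR '1'='1` tautology. Table, column and user names are made up for the demo.

```python
import sqlite3

# Constructed sample data for the demo (hypothetical, not from the page).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# The probes named in the exam options, plus labels for reporting.
PROBES = {
    "single_quote": "'",
    "double_quote": '"',
    "junk": "A" * 2000,      # long string, as used for buffer-overrun checks
    "question_mark": "?",    # not a SQL escape character; included to show it is inert
}


def make_db():
    """Fresh in-memory database so every probe starts from the same state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    # Deliberately unsanitized: the input is spliced straight into the SQL text.
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, name):
    # Parameterized: the driver sends the value separately, so a quote is just data.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def probe(lookup):
    """Send each probe through `lookup`; record 'ok' or the database error it raised."""
    results = {}
    for label, payload in PROBES.items():
        conn = make_db()
        try:
            lookup(conn, payload)
            results[label] = "ok"
        except sqlite3.Error as exc:
            results[label] = f"error: {exc}"
        finally:
            conn.close()
    return results


def errored(lookup):
    """Labels of the probes that broke the query: the sanitization findings."""
    return sorted(k for k, v in probe(lookup).items() if v.startswith("error"))


def confirm_injection(lookup):
    """Tautology payload: returns every row only if the quote escaped the literal."""
    conn = make_db()
    try:
        return lookup(conn, "' OR '1'='1")
    except sqlite3.Error:
        return None
    finally:
        conn.close()


if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(name, probe(fn))
        print(name, "tautology ->", confirm_injection(fn))
```

Against the vulnerable lookup only the single-quote probe raises an error (SQLite reports an unrecognized token), while the double quote, the junk string and `?` sit harmlessly inside the literal; against the parameterized lookup nothing errors and the tautology returns no rows. Real targets differ in two ways a tester should expect: the error text depends on the engine (MySQL, PostgreSQL and SQL Server each word it differently), and an application that swallows database errors gives no visible syntax error at all, in which case the quote has to be paired with boolean- or time-based payloads to observe the difference.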