EC-Council
412-79V8 · Question #15
Question
Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities. Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability. What can a pen tester do to detect input sanitization issues?
Options
- A. Send single quotes as the input data to catch instances where the user input is not sanitized
- B. Send double quotes as the input data to catch instances where the user input is not sanitized
- C. Send long strings of junk data, just as you would send strings to detect buffer overruns
- D. Use a right square bracket (the "]" character) as the input data to catch instances where the user input
