EC-Council
412-79V9 · Question #32
412-79V9 Question #32: Real Exam Question with Answer & Explanation
Question
Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability. What can a pen tester do to detect input sanitization issues?
Options
- A. Send single quotes as the input data to catch instances where the user input is not sanitized
- B. Send double quotes as the input data to catch instances where the user input is not sanitized
- C. Send long strings of junk data, just as you would send strings to detect buffer overrun
- D. Use a right square bracket (the "]" character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization