CAS-003 Question #76: Real Exam Question with Answer & Explanation
The correct answer is C: The security administrator is concerned with SQL injection, and the developer should implement
Question
Options
- A. The security administrator is concerned with nonprintable characters being used to gain
- B. The security administrator is concerned with XSS, and the developer should normalize Unicode
- C. The security administrator is concerned with SQL injection, and the developer should implement
- D. The security administrator is concerned that someone may log on as the administrator, and the
Explanation
The code in the question is an example of a SQL injection attack. The condition `1=1` will always evaluate to true. Appended to a query, it can turn the statement into one that returns all rows in a SQL table. In this question, the administrator has implemented client-side input validation. Client-side validation can be bypassed. It is much more difficult to bypass server-side input validation.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or is not strongly typed and is unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
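The always-true condition discussed in the explanation, shown as an added example that is not part of the exam page: a login query built by string concatenation beside a hardened version that applies server-side input validation and a parameterized query. The user table, the allow-list pattern and the function names are constructed for the illustration and use an in-memory SQLite database.

```python
import re
import sqlite3

# Constructed sample user table standing in for the application's database.
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]

# Server-side allow-list (assumed policy): short alphanumeric names, so quotes,
# spaces and comment markers are rejected before any query is built.
VALID_USERNAME = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(username, password):
    """Builds the WHERE clause by string concatenation, so request text
    becomes part of the SQL. A client-side check in the browser does not
    help here: the server executes whatever the client chose to send."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in _connect().execute(sql)]


def login_hardened(username, password):
    """Server-side validation plus a parameterized query: the input is
    checked on the server, which the client cannot skip, and is then bound
    as data rather than spliced into the statement."""
    if not VALID_USERNAME.match(username):
        raise ValueError("rejected by server-side input validation")
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in _connect().execute(sql, (username, password))]


if __name__ == "__main__":
    # The always-true condition from the explanation, sent as the password.
    payload = "' OR 1=1 --"
    print(login_vulnerable("alice", payload))  # every user: ['alice', 'bob', 'carol']
    print(login_hardened("alice", payload))    # []: the literal string matches nobody
    print(login_hardened("bob", "hunter2"))    # ['bob']
```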