nerdexam
(ISC)2

CISSP · Question #318

During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL): What type of attack does this indicate?

The correct answer is B. Structured Query Language (SQL) injection. The question describes a malicious string embedded in a URL that indicates a SQL injection attack, where an attacker manipulates database queries through user-supplied input.

Submitted by tunde_lagos· Mar 5, 2026Software Development Security

Question

During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL):

What type of attack does this indicate?

Options

  • ADirectory traversal
  • BStructured Query Language (SQL) injection
  • CCross-Site Scripting (XSS)
  • DShellcode injection

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    71% (20)
  • C
    7% (2)
  • D
    18% (5)

Why each option

The question describes a malicious string embedded in a URL that indicates a SQL injection attack, where an attacker manipulates database queries through user-supplied input.

ADirectory traversal

Directory traversal attacks are identified by sequences like '../' or '%2e%2e%2f' in URLs that attempt to navigate the file system, not by SQL syntax strings.

BStructured Query Language (SQL) injectionCorrect

SQL injection attacks are commonly identified in URLs by the presence of SQL syntax such as single quotes, comment sequences (--), UNION SELECT statements, or Boolean logic (e.g., ' OR '1'='1) appended to query parameters. These strings attempt to manipulate backend database queries by injecting malicious SQL code through HTTP request parameters, which is a hallmark of SQL injection as catalogued by OWASP.

CCross-Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks are identified by script-related strings in URLs such as '<script>', 'javascript:', or 'onerror=' tags intended to execute client-side code in a browser, not SQL syntax.

DShellcode injection

Shellcode injection involves binary or encoded machine code payloads designed to exploit memory vulnerabilities, not SQL command strings embedded in URL parameters.

Concept tested: Identifying SQL injection attack signatures in URLs

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#web application attacks#URL manipulation#vulnerability identification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice