nerdexam
GIAC

GCIH · Question #808

How should an incident handler classify the following event shown in the output below?

The correct answer is B. SQL Injection. The output shown contains SQL injection indicators such as manipulated query syntax in HTTP request parameters, making SQL Injection the correct classification.

Incident Response & Cyber Kill Chain

Question

How should an incident handler classify the following event shown in the output below?

Exhibit

GCIH question #808 exhibit

Options

  • ADNS Spoofing
  • BSQL Injection
  • CDirectory Traversal
  • DCommand Injection

How the community answered

(39 responses)
  • A
    8% (3)
  • B
    74% (29)
  • C
    5% (2)
  • D
    13% (5)

Why each option

The output shown contains SQL injection indicators such as manipulated query syntax in HTTP request parameters, making SQL Injection the correct classification.

ADNS Spoofing

DNS spoofing involves forging DNS response records to redirect victims to malicious IP addresses, which would appear in DNS traffic logs rather than SQL-related application output.

BSQL InjectionCorrect

SQL injection occurs when user-supplied input is embedded directly into a SQL query without proper sanitization or parameterization, allowing an attacker to alter the query's logic. The output likely shows HTTP request logs or IDS alerts containing SQL metacharacters, keywords (SELECT, UNION, DROP), or boolean payloads characteristic of SQL injection attempts.

CDirectory Traversal

Directory traversal attacks use path sequences like '../' to navigate outside the web root and access unauthorized files, producing file-path-related artifacts rather than SQL syntax.

DCommand Injection

Command injection involves embedding OS-level commands (e.g., '; ls -la') into application input to execute arbitrary shell commands, which is distinct from SQL query manipulation.

Concept tested: Classifying SQL injection from IDS or log output

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#incident classification#event analysis#web attacks

Community Discussion

No community discussion yet for this question.

Full GCIH Practice