PT0-002 · Question #422
PT0-002 Question #422: Real Exam Question with Answer & Explanation
The correct answer is A: Boolean-based SQL injection.
Question
Given the following user-supplied data: Which of the following attack techniques is the penetration tester likely implementing?
Options
- A. Boolean-based SQL injection
- B. Time-based SQL injection
- C. Stored cross-site scripting
- D. Reflected cross-site scripting
Explanation
Boolean-based SQL injection uses TRUE/FALSE conditional logic (e.g., 1' AND 1=1-- vs 1' AND 1=2--) to infer information from the database based on whether the application returns different responses. The injected payload manipulates the query's WHERE clause with boolean expressions. Time-based SQL injection relies on database delay functions like SLEEP() or WAITFOR DELAY to infer data. Stored XSS injects malicious scripts that are persisted in the database and served to other users. Reflected XSS injects scripts that are immediately reflected back in the server's response. The user-supplied data (even though not shown in text form) is consistent with boolean conditional injection syntax.