nerdexam
CompTIA

SY0-301 · Question #733

Which of the following BEST describes a SQL Injection attack?

The correct answer is A. The attacker attempts to have the receiving server pass information to a back-end database from. A SQL injection attack involves inserting malicious SQL code into input fields so that the server passes it to a back-end database, allowing the attacker to manipulate or extract data.

Threats, vulnerabilities, and mitigations

Question

Which of the following BEST describes a SQL Injection attack?

Options

  • AThe attacker attempts to have the receiving server pass information to a back-end database from
  • BThe attacker attempts to have the receiving server run a payload using programming commonly
  • CThe attacker overwhelms a system or application, causing it to crash and bring the server down
  • DThe attacker overwhelms a system or application, causing it to crash, and then redirects the memory

How the community answered

(34 responses)
  • A
    88% (30)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

A SQL injection attack involves inserting malicious SQL code into input fields so that the server passes it to a back-end database, allowing the attacker to manipulate or extract data.

AThe attacker attempts to have the receiving server pass information to a back-end database fromCorrect

SQL injection works by embedding SQL statements into user-supplied input that an application forwards unsanitized to a back-end database. The database then executes the injected commands, potentially exposing, modifying, or deleting data, which precisely matches choice A.

BThe attacker attempts to have the receiving server run a payload using programming commonly

Running a payload using common programming languages describes a code injection or cross-site scripting (XSS) attack, not SQL injection.

CThe attacker overwhelms a system or application, causing it to crash and bring the server down

Overwhelming a system to cause a crash describes a Denial of Service (DoS) attack, not SQL injection.

DThe attacker overwhelms a system or application, causing it to crash, and then redirects the memory

Crashing a system and redirecting memory describes a buffer overflow or DoS-based attack, not SQL injection.

Concept tested: SQL injection attack definition and mechanism

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#SQL injection#web attacks#database attacks

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice