CompTIA
SY0-301 · Question #751
SY0-301 Question #751: Real Exam Question with Answer & Explanation
The correct answer is C: Spear phishing. Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.
Question
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
Options
- A. Buffer overflow.
- B. Command injection.
- C. Spear phishing.
- D. SQL injection.
Explanation
Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.
Common mistakes.
- A. Buffer overflow attacks occur when unsanitized input exceeds the memory buffer allocated by the application, making input validation a direct mitigation.
- B. Command injection attacks insert OS commands through unsanitized input fields that are passed to a shell, and proper input validation would prevent this.
- D. SQL injection attacks occur when user-supplied input is embedded directly into database queries without sanitization, making it a classic input validation failure.
Concept tested. Input validation, and which attacks it does and does not mitigate.
Reference. https://owasp.org/www-community/attacks/SQL_Injection