nerdexam
CompTIA

SY0-301 · Question #751

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

The correct answer is C. Spear phishing.. Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.

Threats, vulnerabilities, and mitigations

Question

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

Options

  • ABuffer overflow.
  • BCommand injection.
  • CSpear phishing.
  • DSQL injection.

How the community answered

(20 responses)
  • A
    10% (2)
  • B
    5% (1)
  • C
    80% (16)
  • D
    5% (1)

Why each option

Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.

ABuffer overflow.

Buffer overflow attacks occur when unsanitized input exceeds the memory buffer allocated by the application, making input validation a direct mitigation.

BCommand injection.

Command injection attacks insert OS commands through unsanitized input fields that are passed to a shell, and proper input validation would prevent this.

CSpear phishing.Correct

Spear phishing exploits human trust through crafted emails or messages rather than application input fields; it is a social engineering vector that occurs entirely outside the application's input-handling code, making it the one attack that input validation cannot prevent.

DSQL injection.

SQL injection attacks occur when user-supplied input is embedded directly into database queries without sanitization, making it a classic input validation failure.

Concept tested: Input validation and which attacks it mitigates vs. does not

Source: https://owasp.org/www-community/attacks/SQL_Injection

Topics

#input validation#SQL injection#buffer overflow#injection attacks

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice