SY0-301 · Question #751
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
The correct answer is C. Spear phishing.. Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.
Question
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
Options
- ABuffer overflow.
- BCommand injection.
- CSpear phishing.
- DSQL injection.
How the community answered
(20 responses)- A10% (2)
- B5% (1)
- C80% (16)
- D5% (1)
Why each option
Spear phishing is a social engineering attack targeting specific individuals through deceptive communication and does not rely on unvalidated application input fields.
Buffer overflow attacks occur when unsanitized input exceeds the memory buffer allocated by the application, making input validation a direct mitigation.
Command injection attacks insert OS commands through unsanitized input fields that are passed to a shell, and proper input validation would prevent this.
Spear phishing exploits human trust through crafted emails or messages rather than application input fields; it is a social engineering vector that occurs entirely outside the application's input-handling code, making it the one attack that input validation cannot prevent.
SQL injection attacks occur when user-supplied input is embedded directly into database queries without sanitization, making it a classic input validation failure.
Concept tested: Input validation and which attacks it mitigates vs. does not
Source: https://owasp.org/www-community/attacks/SQL_Injection
Topics
Community Discussion
No community discussion yet for this question.