The correct answer is:
D. SQL injection
SQL injection is a type of attack that involves inserting malicious SQL statements into an input field. These statements can then be executed by the database, allowing the attacker to view or manipulate the data. This can lead to unauthorized access to the database, data leakage, or even the modification and deletion of data.
Here’s why the other options are not correct in this context:
- A. This involves injecting malicious scripts into webpages viewed by other users, but it does not specifically involve running commands that directly view or manipulate data in a database.
- B. This typically refers to installing applications from unofficial sources, not related to input fields and running commands.
- C. This involves exploiting a program by writing more data to a buffer than it can hold, potentially allowing the execution of arbitrary code, but it does not specifically use input fields to run commands on data.
SQL injection: SQL injection involves inserting malicious SQL queries into input fields or other user-controllable data sources to manipulate the database backend. By exploiting SQL injection vulnerabilities, attackers can execute arbitrary SQL commands that can view, modify, or delete data stored in the database. This technique directly enables the use of an input field to run commands that manipulate data.
Therefore, the correct answer is SQL injection. It allows attackers to execute commands through input fields to manipulate data within a database.
Even though I believe the answer is D (SQLi), I still think A (XSS) is a valid answer. The question does not specify whether "data" refers specifically to application data or database data. If the question explicitly mentioned "database data," then SQL Injection (D) would be 100% correct.
Why can it be A then? When an XSS script runs, it can view, modify, or exfiltrate data. A simple example would be grabbing and replacing cookies, which requires the ability to view and manipulate data. XSS can also exhibit CSRF-like behavior, as it can steal a session and use it to interact with APIs as if it were the victim, which also requires viewing and manipulating data.
Correct answer is D (SQL injection).
> SQL injection involves inserting malicious SQL code into input fields.
upvoted 2 times
- Etc_Shadow28000: Highly Voted, 6 months, 1 week ago
- aws_guru1: 6 months, 3 weeks ago
- metzen227: Highly Voted, 11 months, 1 week ago
- shootweb: Most Recent, 3 weeks, 4 days ago
- PAWarriors: 7 months, 4 weeks ago