Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 238 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 238
Topic #: 1
[All 312-50v12 Questions]

As an IT Security Analyst, you've been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, an anonymous tip has alerted you to a possible threat: a seasoned hacker who specializes in SQL Injection attacks may be targeting your system. The site already employs input validation measures to prevent basic injection attacks, and it blocks any user inputs containing suspicious patterns. However, this hacker is known to use advanced SQL Injection techniques. Given this situation, which of the following strategies would the hacker most likely adopt to bypass your security measures?

  • A. The hacker might employ a 'blind' SQL Injection attack, taking advantage of the application's true or false responses to extract data bit by bit
  • B. The hacker may resort to a DDoS attack instead, attempting to crash the server and thus render the e-commerce site unavailable
  • C. The hacker may try to use SQL commands which are less known and less likely to be blocked by your system's security
  • D. The hacker could deploy an 'out-of-band' SQL Injection attack, extracting data via a different communication channel, such as DNS or HTTP requests
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
g_man_rap
6 months, 4 weeks ago
Considering the advanced techniques that could be employed by a seasoned hacker and the current security measures in place on the e-commerce site, the most likely effective strategies would be Option A (Blind SQL Injection) and Option D (Out-of-Band SQL Injection). Both of these methods can effectively circumvent input validation that merely blocks known patterns or direct data leakage. Option A is subtle and can be very slow, but it's quite effective in environments where the application gives any sort of feedback based on the query's success or failure. Option D is sophisticated and can bypass more stringent controls by causing the database server to send data to an attacker-controlled location, potentially without triggering alerts that are based on typical input patterns. Both options should be actively guarded against by implementing advanced SQL injection prevention techniques, such as using parameterized queries, employing least privilege on database permissions, and comprehensive monitoring and logging of database queries.
upvoted 3 times
...
insaniunt
9 months, 2 weeks ago
Selected Answer: A
In the given scenario, the hacker specializes in SQL Injection attacks and is known for using advanced techniques. Based on this information, the most likely strategy the hacker would adopt to bypass the security measures is: A. The hacker might employ a 'blind' SQL Injection attack, taking advantage of the application's true or false responses to extract data bit by bit.
upvoted 2 times
...
rorahir
9 months, 2 weeks ago
Hey CEH team can we double-check this CEH method"
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel