On the Exam, Choose B and D, I don't see any reference to Answer A (External Entity Injection) in the official material, but I do for Answers B and D. /shrug, awful question
Another bad question from Cisco. more elaboration is needed for the question. If the question read specifically "Two Examples of Server Side Injection" then A and D are 100% correct as Cross-Site is Client Side. awful question because the answer here very well could be B and D if you put your blinders on to anything outside of Cisco material. The type of questions that make me feel like this exam truly is meant to brainwash you instead of test your knowledge.
Code injection vulnerabilities occur when an attacker is able to insert and execute malicious code into a program or query. Here’s how the correct examples fit:
XML External Entity (XXE) Injection (A):
This occurs when an application processes XML input containing a reference to an external entity.
Attackers can exploit XXE vulnerabilities to extract sensitive data, perform denial of service (DoS), or execute remote requests.
SQL Injection (D):
In this attack, an attacker inserts malicious SQL statements into an input field to manipulate the database.
SQL injection can lead to unauthorized access to sensitive data, database corruption, or even full system compromise.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
XanALaOM00
2 weeks, 6 days agoXanALaOM00
2 weeks, 6 days agoaa4a63c
2 months, 3 weeks agoPierre_Bouvier
4 months, 3 weeks ago