This is a tricky question, and I believe the provided answer is correct, and here is why. They ask: what is the flaw that caused the attacker to exploit this vulnerability?
I agree that the attacker uses the web application or the user input to exploit the vulnerability, and gives commands to connect to the database and get everything needed about the database. But where is the actual flaw? Was it A, the web application and the user input? No, it's not, or it would be an XSS vulnerability. The attacker leveraged a flaw in the Database, using the web application or the user input as a way to communicate with the Database and extract all the info about the database. With that being said, I believe that the provided answer is correct, and I will go with C.
As others have highlighted already, the "flaw" would refer to the vulnerability, which in this example would be the user input validation (or lack thereof).
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-dcnm-sql-inj-OAQOObP.html
This is also verified in the above link...
"CVE-2021-1248: Cisco DCNM SQL Injection Vulnerability
A vulnerability in a REST API endpoint of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on an affected device.
This vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with administrative privileges could exploit this vulnerability by sending a crafted request to the API"
I believe the answer is C. The Database is unable to sanitize the data sent to it through the web page/application, as it relies heavily on the web page/application to sanitize the code. That is the database's flaw. The attacker is leveraging the fact that the database can't do anything to prevent the attacker from sending the code.
Very tricky question...
For me the answer is C, because you can have systems which are using the web to connect to the database, so all the queries are coming from the web to the database. The user won't exploit the web but the database through the web, so for me I will go with Database instead of web.
kudlaaaaty (Highly Voted, 5 years ago)
eazy99 (Highly Voted, 3 years, 9 months ago)
Dorr20 (2 years, 2 months ago)
otzu1 (3 years, 2 months ago)
Rockbo47 (Most Recent, 8 months, 4 weeks ago)
itsklk (2 years, 1 month ago)
nomanlands (2 years, 11 months ago)
tom_1991 (3 years ago)
TesterDude (3 years, 1 month ago)
sheki2005 (3 years, 1 month ago)
brownbear505 (3 years, 3 months ago)
elast1c (3 years, 4 months ago)
urathod (3 years, 5 months ago)
efongvan (3 years, 5 months ago)
PrinM (3 years, 6 months ago)
bassfunk (3 years, 6 months ago)
jaciro11 (3 years, 7 months ago)
ExamP (3 years, 9 months ago)
Raajaa (3 years, 12 months ago)