Exam CS0-002 topic 1 question 246 discussion

Actual exam question from CompTIA's CS0-002
Question #: 246
Topic #: 1

A security analyst is reviewing WAF alerts and sees the following request:

Request="GET /public/report.html?iewt=9064 AND 1=1 UNION ALL SELECT 1,NULL,table_name FROM information_schema.tables WHERE 2>1--/**/; HTTP/1.1 Host=mysite.com

Which of the following BEST describes the attack?

  • A. SQL injection
  • B. LDAP injection
  • C. Command injection
  • D. Denial of service
Suggested Answer: A

Comments

JMyke
1 year, 7 months ago
Selected Answer: A
1=1= SQL.
upvoted 1 times
...
Tricee
2 years ago
Selected Answer: A
A Command injection attacks an operating system, while SQL injections attack a database. It appears that this WAF is backed by a database and therefore this has to be a SQL attack.
upvoted 2 times
...
NerdAlert
2 years ago
Selected Answer: A
both conditions 1=1 and 2>1 are good indicators.
upvoted 2 times
...
AaronS1990
2 years, 2 months ago
Selected Answer: A
This is definitely A
upvoted 2 times
2Fish
2 years, 1 month ago
This is for sure an SQLi attack with the 1=1 along with the UNION statement.
upvoted 1 times
...
...
CatoFong
2 years, 3 months ago
Selected Answer: A
1 = 1 = A
upvoted 1 times
...
bdub16
2 years, 4 months ago
Selected Answer: A
1=1, SQLi
upvoted 1 times
...
Alizadeh
2 years, 4 months ago
Selected Answer: A
This request is likely an attempt to perform an SQL injection attack. SQL injection attacks involve injecting malicious code into an application's SQL database in order to execute unauthorized commands or access sensitive data. The request shown in the example appears to be attempting to perform an SQL injection attack by appending malicious code to the end of a legitimate SQL query. The code "UNION ALL SELECT 1, NULL, table_name FROM information_schema.tables WHERE 2>1--" is attempting to retrieve the names of tables in the database, and the "--" at the end is used to comment out the rest of the query and prevent it from being executed. Overall, this request appears to be an attempt to perform an SQL injection attack on the application.
upvoted 2 times
...
marc4354345
2 years, 4 months ago
Selected Answer: A
A, what else?
upvoted 1 times
...
mrodmv
2 years, 5 months ago
Selected Answer: A
SQL injection
upvoted 4 times
...
gwanedm
2 years, 5 months ago
Selected Answer: A
This is an SQL Injection attack for sure
upvoted 2 times
...
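
The indicators the comments point to (the constant conditions 1=1 and 2>1, the UNION ALL SELECT, the information_schema.tables lookup and the trailing comment marker) can be checked mechanically when triaging WAF alerts. The Python sketch below is an added example, not part of the original question or comments; the function and pattern names are hypothetical, and the URL-encoded and benign requests are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Alert format from the question: method, target (may contain raw spaces), HTTP version.
REQUEST_RE = re.compile(
    r'^(?:Request=")?(?P<method>[A-Z]+)\s+(?P<target>.*?)\s+HTTP/\d(?:\.\d)?'
)

# Hypothetical indicator names; each pattern runs over the URL-decoded query string.
INDICATORS = {
    # Literal compared with literal (1=1, 2>1): the condition never depends on data.
    "constant_condition": re.compile(
        r"\b(?:AND|OR|WHERE)\s+\d+\s*(?:<>|!=|<=|>=|=|<|>)\s*\d+\b", re.I),
    # A second SELECT appended to the application's own query.
    "union_select": re.compile(r"\bUNION(?:\s+ALL)?\s+SELECT\b", re.I),
    # Reads of the database catalog, here to list table names.
    "schema_enumeration": re.compile(r"\binformation_schema\s*\.\s*\w+", re.I),
    # Comment markers that cut off the rest of the original statement.
    "comment_terminator": re.compile(r"--|/\*"),
}

def sqli_indicators(alert_line):
    """Return the sorted names of SQL injection indicators found in the request."""
    m = REQUEST_RE.match(alert_line.strip())
    if not m:
        return []  # not a request line in the expected alert format
    _path, _, query = m.group("target").partition("?")
    decoded = unquote_plus(query)  # handles %XX escapes and '+' as space
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))

# Request exactly as shown in the question.
PAGE_REQUEST = ('Request="GET /public/report.html?iewt=9064 AND 1=1 UNION ALL SELECT '
                '1,NULL,table_name FROM information_schema.tables WHERE 2>1--/**/; '
                'HTTP/1.1 Host=mysite.com')
# Constructed sample: the same query string, URL-encoded as a browser would send it.
ENCODED_REQUEST = ('GET /public/report.html?iewt=9064+AND+1%3D1+UNION+ALL+SELECT+'
                   '1,NULL,table_name+FROM+information_schema.tables+WHERE+2%3E1-- '
                   'HTTP/1.1')
# Constructed sample: a normal request for the same page.
BENIGN_REQUEST = 'Request="GET /public/report.html?iewt=9064 HTTP/1.1 Host=mysite.com'

if __name__ == "__main__":
    for line in (PAGE_REQUEST, ENCODED_REQUEST, BENIGN_REQUEST):
        print(sqli_indicators(line))
```

None of the four patterns relates to LDAP filters, shell metacharacters or request volume, which is why answers B, C and D do not fit the request.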