Many different common threats exist against web-exposed services and applications. One attack involves attempting to leverage input fields to execute queries in a nested fashion that is unintended by the developers. What type of attack is this?
Injection attacks occur when an attacker manipulates input fields to insert malicious queries or commands that the application was not designed to process. This can allow unauthorized access, data theft, or manipulation. The most common type is SQL Injection, where an attacker injects SQL code into a query to alter the database’s behavior.
Why Not the Others?
B. Missing function-level access control → Happens when users can access restricted functionalities due to poor authorization checks, not by injecting commands.
C. Cross-site scripting (XSS) → Involves injecting malicious scripts (not database queries) into a website to execute in a victim's browser.
D. Cross-site request forgery (CSRF) → Tricks a user’s authenticated session into executing unwanted actions but does not involve injecting queries into input fields.
This section is not available anymore. Please use the main Exam Page.CCSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MaciekMT
2 months, 3 weeks agoakg001
5 months, 4 weeks ago