GPYC Exam QuestionsBrowse all questions from this exam

GPYC Exam - Question 30

What does the attacker do in a SQL Injection attack?

Obtains an administrative login for a SQL database server

Finds and exploits CVSS-SIG vulnerabilities in a particular version of SQL database

Inject information into an SQL server via an undocumented administrative interface

Submits a string that is interpreted as a SQL database command

Show Answer

Correct Answer: CD

In a SQL Injection attack, the attacker submits a string that is interpreted as a SQL database command. This allows the attacker to manipulate the database by executing arbitrary SQL code, which can lead to unauthorized access to sensitive data, modification of data, or even deletion of data. The goal is to exploit vulnerabilities in the application's handling of input to manipulate the SQL queries the application performs.

Discussion

3 comments

bighead12Option: D

Jul 23, 2022

Sorry the answer is D.

bighead12Option: C

Jul 16, 2022

The answer is C

a29dc2cOption: D

Feb 7, 2024

The answer is D