PrepAway - Latest Free Exam Questions & Answers

which of the following?

The string:
' or 1=1-- -
Represents which of the following?


A.
Bluejacking

B.
Rogue access point

C.
SQL Injection

D.
Client-side attacks

Explanation:
The code in the question is an example of a SQL Injection attack. The condition 1=1 always evaluates to true, so it can be included in a statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
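The two weaknesses named above (unescaped string literals and input that is not strongly typed) are shown side by side with their hardened forms in this added example, which is not part of the original explanation. The table, rows and function names are constructed for illustration, and the question's string is typed with a plain ASCII quote and hyphens.

```python
import sqlite3

QUESTION_STRING = "' or 1=1-- -"  # the string from the question, in ASCII


def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def by_name_concat(db, name):
    # Vulnerable: a quote in `name` closes the string literal early, the rest
    # is parsed as SQL, and `--` comments out the trailing quote.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


def by_name_param(db, name):
    # Hardened: the value is bound to a placeholder and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))


def by_id_concat(db, user_id):
    # Vulnerable without any quote: the input is not strongly typed.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return sorted(row[0] for row in db.execute(sql))


def by_id_typed(db, user_id):
    # Hardened: int() raises ValueError on non-integer input, and the
    # converted value is still bound rather than concatenated.
    sql = "SELECT name FROM users WHERE id = ?"
    return sorted(row[0] for row in db.execute(sql, (int(user_id),)))


if __name__ == "__main__":
    db = make_db()
    print("concat, normal input:   ", by_name_concat(db, "alice"))
    print("concat, question string:", by_name_concat(db, QUESTION_STRING))
    print("bound,  question string:", by_name_param(db, QUESTION_STRING))
    print("concat, untyped id:     ", by_id_concat(db, "0 or 1=1"))
    print("typed,  valid id:       ", by_id_typed(db, "2"))
```

With concatenation the always-true condition makes the WHERE clause match every row; with bound parameters the same input is compared as an ordinary value and matches none.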
Incorrect Answers:
A: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
The code in the question is not an example of bluejacking. Therefore, this answer is incorrect.
B: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server, server-client) and may be used in conjunction with a rogue RADIUS server, depending on the security configuration of the target network.
A rogue access point would not create the code shown in the question. Therefore, this answer is incorrect.
D: Client-side attacks target vulnerabilities in client applications interacting with malicious data. The difference is that the client is the one initiating the bad connection.
The code in the question is much more likely to be part of a SQL statement in a SQL Injection attack. Therefore, this answer is incorrect.


