Which of the following application attacks is used against a corporate directory service where there are
unknown servers on the network?

An attacker attempted to compromise a web form by inserting the following input into the username field:
admin)(|(password=*))
Which of the following types of attacks was attempted?

Which of the following BEST describes a SQL Injection attack?

Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk
drives on all servers are fully encrypted. Communication between the application server and end-users is also
encrypted. Network ACLs prevent any connections to the database server except from the application server.
Which of the following can still result in exposure of the sensitive data in the database server?

When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;–“
and “or 1=1 –“) were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

The string:
‘ or 1=1– –
Which of the following represents it?

Which of the following types of application attacks would be used to specifically gain unauthorized information
from databases that did not have any input validation implemented?

A security administrator looking through IDS logs notices the following entry: (where email = ‘joe@joe.com’ and
passwd = ‘or 1==1’)
Which of the following attacks had the administrator discovered?

Which of the following BEST describes a protective countermeasure for SQL injection?

Pete, the security administrator, has been notified by the IDS that the company website is under attack.
Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public
bulletin board.
INSERT INTO message `<script>source=http://evilsite</script>
Which of the following is this an example of?