Which of the following BEST describes a protective countermeasure for SQL injection?

A security administrator looking through IDS logs notices the following entry: (where
email=joe@joe.com and passwd= ‘or 1==1’)
Which of the following attacks had the administrator discovered?

Which of the following types of application attacks would be used to specifically gain unauthorized
information from databases that did not have any input validation implemented?

The string:
‘ or 1=1– –
Represents which of the following?

When an order was submitted via the corporate website, an administrator noted special characters

(e.g., “;–” and “or 1=1 –“) were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

Highly sensitive data is stored in a database and is accessed by an application on a DMZ server.
The disk drives on all servers are fully encrypted. Communication between the application server
and end-users is also encrypted. Network ACLs prevent any connections to the database server
except from the application server. Which of the following can still result in exposure of the
sensitive data in the database server?

Which of the following BEST describes a SQL Injection attack?

An attacker attempted to compromise a web form by inserting the following input into the
username field: admin)(|(password=*))

Which of the following types of attacks was attempted?

Which of the following application attacks is used against a corporate directory service where
there are unknown servers on the network?

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that
limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on
her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?