Which of the following types of application attacks would be used to specifically gain unauthorized
information from databases that did not have any input validation implemented?
The string:
' or 1=1-- --
Represents which of the following?
When an order was submitted via the corporate website, an administrator noted special characters (e.g.,
";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?
Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk
drives on all servers are fully encrypted. Communication between the application server and end-users is
also encrypted. Network ACLs prevent any connections to the database server except from the
application server. Which of the following can still result in exposure of the sensitive data in the database
server?
Which of the following BEST describes a SQL Injection attack?
An attacker attempted to compromise a web form by inserting the following input into the username
field: admin)(|(password=*))
Which of the following types of attacks was attempted?
Which of the following application attacks is used against a corporate directory service where there are
unknown servers on the network?
Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the
request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to
intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?
A malicious individual is attempting to write too much data to an application’s memory. Which of the
following describes this type of attack?
Data execution prevention is a feature in most operating systems intended to protect against which type
of attack?