PrepAway - Latest Free Exam Questions & Answers

The string:
‘ or 1=1– –
Represents which of the following?

A. Bluejacking

B. Rogue access point

C. SQL Injection

D. Client-side attacks

Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1=1’ will always provide a
value of true. This can be included in a statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious
SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the
attacker). SQL injection must exploit a security vulnerability in an application’s software, for example,
when user input is either incorrectly filtered for string literal escape characters embedded in SQL
statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known
as an attack vector for websites but can be used to attack any type of SQL database.
Incorrect Answers:
A: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such
as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the
name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
The code in the question is not an example of bluejacking.
B: A rogue access point is a wireless access point that has either been installed on a secure company
network without explicit authorization from a local network administrator, or has been created to allow a
hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security
threat to large organizations with many employees, because anyone with access to the premises can
install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to
a secure network to unauthorized parties. Rogue access points of the second kind target networks that do
not employ mutual authentication (client-server server-client) and may be used in conjunction with a
rogue RADIUS server, depending on security configuration of the target network. A rogue access point
would not create the code shown in the question.
D: Client-side attacks target vulnerabilities in client applications interacting with malicious data. The
difference is the client is the one initiating the bad connection. The code in the question is much more
likely to be part of a SQL statement in a SQL Injection attack.

http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Bluejacking
http://en.wikipedia.org/wiki/Rogue_access_point

