CWNP Exam Questions

which an attacker tries to execute unauthorized SQL statements?

Which of the following attacks is a process in which an attacker tries to execute unauthorized SQL statements?

A.
Salami attack

B.
Brute force attack

C.
Injection attack

D.
Hybrid attack

Explanation:
An injection attack is a process in which an attacker tries to execute unauthorized SQL statements. These statements can be used to delete data from a database, delete database objects such as tables, views stored procedures, etc. An attacker can either directly enter the code into input variables or insert malicious code in strings that can be stored in a database. Answer option D is incorrect. When an attacker performs a dictionary as well as a brute force attack, the attack is known as a hybrid attack. In this method, an attack is performed with the dictionary attack method of adding numerals and symbols to dictionary words. Answer option A is incorrect. A salami attack is a series of minor attacks that collectively result in a larger attack. Computers are ideally suited to automating this type of attack. It is a form of cybercrime usually used for the purpose of committing financial crimes. In this type of attack, cybercriminals steal money or resources a bit at a time from financial accounts on a computer. Answer option B is incorrect. In a brute force attack, an attacker uses software that tries a large number of the keys combinations in order to get a password. To prevent such attacks, users should create passwords more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations, etc.