1d:["$","$L2b",null,{"questions":[{"id":"eccd6a10-c59d-4a10-ad4f-293857875f6c","slug":"a-security-analyst-is-reviewing-web-server-logs-from-an-e","certificationSlug":"security-plus","examCode":"SY0-701","examName":"Security+ SY0-701","questionText":"A security analyst is reviewing web server logs from an e-commerce application. The logs show repeated requests containing URLs with appended strings such as: `' OR '1'='1' --` and `'; DROP TABLE Users; --`. The application returned HTTP 200 responses with unexpected data in several instances. Which type of attack is most likely being attempted?","difficulty":"medium","domain":"Threats, Vulnerabilities, and Mitigations","domainSlug":"threats-vulns","topic":"Threats, Vulnerabilities, and Mitigations","questionNumber":2,"totalQuestions":1112,"options":[{"key":"A","isCorrect":true,"text":"SQL injection","explanation":"Correct. The log entries show SQL syntax such as `OR '1'='1'` and `DROP TABLE`, which are classic indicators of SQL injection attempts. This attack exploits improper input sanitization to manipulate database queries.","masteryContext":""},{"key":"B","isCorrect":false,"text":"LDAP injection","explanation":"Incorrect. LDAP injection attacks target Lightweight Directory Access Protocol (LDAP) queries, not SQL databases. The patterns shown are SQL-specific, not LDAP filter syntax (e.g., `(&(uid=*)(userPassword=*))`).","masteryContext":""},{"key":"C","isCorrect":false,"text":"Command injection","explanation":"Incorrect. Command injection attempts to execute arbitrary operating system commands through a vulnerable application. The logs show SQL syntax, not shell metacharacters like `;`, `|`, or `&&` typically used in command injection.","masteryContext":""},{"key":"D","isCorrect":false,"text":"Cross-site scripting (XSS)","explanation":"Incorrect. XSS involves injecting client-side scripts (e.g., JavaScript) into web pages viewed by other users. The log entries contain SQL code, not script tags or event handlers like ``.","masteryContext":""}],"correctOptionKey":"A","correctOptions":["[object Object]"],"correctAnswerText":"A. SQL injection","isMultiSelect":false,"mainExplanation":"The observed patterns are classic SQL injection attempts. The `' OR '1'='1' --` string attempts to bypass authentication by creating a true condition, and `'; DROP TABLE Users; --` attempts to execute a destructive SQL command. A successful SQL injection can allow an attacker to read, modify, or delete database contents. LDAP injection targets directory services, command injection executes OS commands, and XSS injects client-side scripts.","examTrap":null,"examTip":null,"technicalDeepDive":null,"keyConcepts":[],"faqs":[],"eliminationLogic":null,"exhibitText":null,"exhibitUrl":null,"hasExhibit":false,"isExhibitQuestion":false,"questionPairs":[],"hasMatchingPairs":false,"isMatchingQuestion":false,"relatedQuestions":[{"slug":"a-security-analyst-is-reviewing-the-source-code-of-a-custom-2","text":"A security analyst is reviewing the source code of a custom network service written in C. The service allocates a 256-byte buffer and uses the strcpy() function to copy incoming data into that buffer without verifying the length of the input. If an attacker sends a specially crafted payload that exceeds 256 bytes, which security control would be most effective at detecting and preventing the resulting exploitation at runtime?","examSlug":"security-plus"},{"slug":"a-cfo-at-a-mid-sized-company-receives-an-urgent-email-that","text":"A CFO at a mid-sized company receives an urgent email that appears to come from the CEO's email address, requesting an immediate wire transfer of $50,000 to a new vendor for a time-sensitive project. The email address displayed is 'ceo@cornpany.com' instead of the legitimate 'ceo@company.com'. The CFO follows the instruction and initiates the transfer. Later, the real CEO denies sending such a request. Which of the following security controls would have been MOST effective in preventing this type of attack from succeeding?","examSlug":"security-plus"},{"slug":"a-user-receives-a-phone-call-from-someone-who-claims-to-be-a","text":"A user receives a phone call from someone who claims to be a member of the company's IT support team. The caller states that the user's account has been compromised and requests the user's username, password, and the current multi-factor authentication (MFA) code to 'verify identity and secure the account.' Which type of social engineering attack is being attempted?","examSlug":"security-plus"},{"slug":"a-security-analyst-is-reviewing-the-source-code-of-a-custom","text":"A security analyst is reviewing the source code of a custom authentication service. The service uses a function that compares a user-supplied password to the stored password hash by iterating through each byte and returning false immediately upon the first mismatch. The analyst measures the function's execution time and discovers it varies measurably depending on how many initial bytes match. Which type of attack is this vulnerability most likely to facilitate?","examSlug":"security-plus"},{"slug":"a-security-analyst-is-reviewing-the-results-of-a-dynamic","text":"A security analyst is reviewing the results of a dynamic application security test (DAST) on a new e-commerce application. The report indicates that the application's product search functionality is vulnerable to blind SQL injection. The analyst is tasked with recommending a remediation to the development team. The developers currently concatenate user input directly into SQL queries. Which of the following recommendations would most effectively and permanently mitigate this vulnerability?","examSlug":"security-plus"},{"slug":"a-security-analyst-is-reviewing-authentication-logs-from-a","text":"A security analyst is reviewing authentication logs from a corporate web application. The logs show thousands of failed login attempts over the past hour. Each attempt uses a different username, but all attempts use the same password 'Spring2024!'. The source IP addresses are widely distributed across several different geographic regions. Which type of attack is the analyst most likely observing?","examSlug":"security-plus"},{"slug":"a-security-analyst-is-investigating-a-series-of-alerts-from-the","text":"A security analyst is investigating a series of alerts from the web application firewall. Users are reporting that when they view a product review page on the company's e-commerce site, their browser automatically redirects to a malicious website. The analyst examines the database and finds that a product review submitted by a user contains a