CertNexus Certified Cyber Secure Coder (CSC) — Question 75

A company website was hacked via the following SQL query:
email, passwd, login_id, full_name

FROM members -
WHERE email = “[email protected]”; DROP TABLE members; –”
Which of the following did the hackers perform?

Answer options

• A. Cleared tracks of[email protected]entries
• B. Deleted the entire members table
• C. Deleted the email password and login details
• D. Performed a cross-site scripting (XSS) attack

Correct answer: C

Explanation

The correct answer is C because the SQL injection query specifically targets the retrieval of sensitive data including email, password, and login details. The other options are incorrect as A does not relate to the query's intent, B suggests a physical deletion of the table which is not indicated, and D misidentifies the type of attack as XSS rather than SQL injection.