CompTIA A+ Core 2 (220-1102) — Question 595

A malicious user was able to export an entire website's user database by entering specific commands into a field on the company's website. Which of the following did the malicious user most likely exploit to extract the data?

Answer options

• A. Cross-site scripting
• B. SQL injection
• C. Brute-force attack
• D. DDoS attack

Correct answer: B

Explanation

The correct answer is B, SQL injection, as it allows attackers to manipulate database queries and access sensitive data. Cross-site scripting (A) is used to inject malicious scripts into web pages, while brute-force attacks (C) attempt to guess passwords, and DDoS attacks (D) aim to overwhelm a server with traffic, none of which specifically target data extraction like SQL injection does.