CompTIA CASP+ (CAS-002) — Question 7

select id, firstname, lastname from authors

User input= firstname= Hack;man -
lastname=Johnson
Which of the following types of attacks is the user attempting?

Answer options

• A. XML injection
• B. Command injection
• C. Cross-site scripting
• D. SQL injection

Correct answer: D

Explanation

The user is attempting an SQL injection attack by injecting SQL code into the input fields, which could manipulate the database query. Options A, B, and C refer to other forms of attacks that do not involve directly manipulating SQL queries. SQL injection specifically targets the database to execute unauthorized commands.