CompTIA CySA+ (CS0-002) — Question 49

A security analyst is reviewing WAF alerts and sees the following request:

Request="GET /public/report.html?iewt=9064 AND 1=1 UNION ALL SELECT 1,NULL,table_name FROM information_schema.tables WHERE 2>1--/**/; HTTP/1.1 Host=mysite.com

Which of the following BEST describes the attack?

Answer options

Correct answer: A

Explanation

The request is SQL injection: the iewt query parameter carries SQL appended to the expected value (AND 1=1 UNION ALL SELECT 1,NULL,table_name FROM information_schema.tables), which attempts to manipulate the application's SQL query by injecting additional commands with the UNION ALL operator. The other options do not apply: LDAP injection involves directory services, command injection targets system commands, and denial of service aims to disrupt service availability. None of these is relevant to this SQL-related attack.