CompTIA CySA+ (CS0-003) — Question 24

A SOC analyst identifies the following content while examining the output of a debugger command over a client-server application:

getConnection(database01,"alpha" ,"AxTv.127GdCx94GTd");

Which of the following is the most likely vulnerability in this system?

Answer options

• A. Lack of input validation
• B. SQL injection
• C. Hard-coded credential
• D. Buffer overflow

Correct answer: C

Explanation

The correct answer is C because the presence of hard-coded credentials like 'AxTv.127GdCx94GTd' poses a significant security risk. Options A and B are not applicable as the command does not indicate input validation issues or SQL injection. Option D is also incorrect since there is no evidence of buffer overflow in the provided command.