CompTIA PenTest+ (PT0-002) — Question 270

Given the following user-supplied data:

www.comptia.com/info. php?id=1 AND 1=1

Which of the following attack techniques is the penetration tester likely implementing?

Answer options

• A. Boolean-based SQL injection
• B. Time-based SQL injection
• C. Stored cross-site scripting
• D. Reflected cross-site scripting

Correct answer: A

Explanation

The correct answer is A, Boolean-based SQL injection, because the input uses a logical condition (AND 1=1) to manipulate the SQL query. Options B, C, and D refer to different attack methods that do not apply to the given input structure.