Certified Ethical Hacker (CEH v11) — Question 82
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL injection types would give her the results she is looking for?
Answer options
- A. Out of band and boolean-based
- B. Union-based and error-based
- C. Time-based and union-based
- D. Time-based and boolean-based
Correct answer: D
Explanation
The correct answer is D, as time-based and boolean-based SQL injection techniques are specifically designed to evaluate response times based on true or false conditions. While out of band and union-based methods have their uses, they do not focus on measuring response times directly, making them unsuitable for Jane's specific testing requirements.