GIAC Certified Incident Handler (GCIH) — Question 119

Which web application log keyword would be associated with a SQL injection attack?

Answer options

• A. union
• B. ../../../../etc/shadow
• C. bind
• D. script

Correct answer: A

Explanation

The keyword 'union' is commonly used in SQL injection attacks to combine the results of multiple SELECT statements. The other options, such as '../../../../etc/shadow', are related to file path traversal, 'bind' pertains to database connections, and 'script' is associated with cross-site scripting (XSS), making them incorrect in this context.