GIAC Certified Incident Handler (GCIH) — Question 136

Inspecting developer code for functions like system, exec, and popen is recommended to reduce the likelihood of what type of public-facing attack?

Answer options

Correct answer: C

Explanation

The correct answer is Command Injection because functions like system, exec, and popen can execute arbitrary commands, making the application vulnerable if the input passed to them is not properly sanitized. SQL Injection and Cross-Site Scripting relate to database queries and web scripts respectively, while Server-Side Request Forgery is a different type of attack that involves manipulating requests to internal services.