GIAC Python Coder (GPYC) — Question 11

What does the attacker do in a SQL Injection attack?

Answer options

• A. Obtains an administrative login for a SQL database server
• B. Finds and exploits CVSS-SIG vulnerabilities in a particular version of SQL database
• C. Inject information into an SQL server via an undocumented administrative interface
• D. Submits a string that is interpreted as a SQL database command

Correct answer: C

Explanation

The correct answer is C because in a SQL Injection attack, the attacker typically injects SQL commands through input fields to manipulate the database. Options A and B describe different types of attacks that do not specifically refer to SQL Injection, while option D, while related, is not the primary action of SQL Injection, which focuses on exploiting vulnerabilities via injection rather than just submitting commands.