Certified Information Systems Auditor (CISA) — Question 1136
Which of the following system attack methods is executed by entering malicious code into the search box of a vulnerable website, causing the server to reveal restricted information?
Answer options
- A. Man-in-the-middle
- B. Denial of service (DoS)
- C. SQL injection
- D. Cross-site scripting
Correct answer: C
Explanation
The correct answer is C, SQL injection: it refers to inserting malicious SQL queries through input fields to manipulate the database. Options A and B describe different attack vectors that do not involve injecting code into a website's input fields, while D, cross-site scripting, executes scripts in the user's browser rather than targeting the server's database.