Certified Information Systems Security Professional (CISSP) — Question 95
When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?
Answer options
- A. Structured Query Language (SQL) Injection
- B. Brute Force Attack
- C. Rainbow Table Attack
- D. Cross-Site Scripting (XSS)
Correct answer: A
Explanation
The correct answer is Structured Query Language (SQL) Injection: the value logged in the password field is not a password but a SQL fragment meant to manipulate the database query behind the login. The always-true condition '1'='1' joined with OR changes the logic of the query, and -- begins a SQL comment. The other options, Brute Force Attack, Rainbow Table Attack, and Cross-Site Scripting (XSS), do not involve the manipulation of SQL queries in this manner.