Which type of attack involves an attacker inserting malicious code into a website's input field to manipulate the backend database?

Answer options:

Cross-Site Scripting (XSS)

SQL Injection

Buffer Overflow

Man-in-the-Middle

How to approach this question

Identify the attack that specifically targets databases via input fields.

Full Answer

B.SQL Injection✓ Correct

SQL Injection (SQLi) occurs when untrusted data is sent to an interpreter as part of a command or query, tricking the interpreter into executing unintended commands.

Common mistakes

Confusing XSS (client-side) with SQLi (server-side database).

Question 13 All questions Question 15

Practice the full CPA ISC Practice Exam 2

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll platform where clients access the software ...Medium Q02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...Hard Q03During a walkthrough of the change management process, an auditor observes that developers have w...Medium Q04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...Hard Q05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium

View all 82 questions →