ExpertMedium1 markMultiple Choice
CPA · Question 14 · Area II: Security
Which type of attack involves an attacker inserting malicious code into a website's input field to manipulate the backend database?
Which type of attack involves an attacker inserting malicious code into a website's input field to manipulate the backend database?
Answer options:
A.
Cross-Site Scripting (XSS)
B.
SQL Injection
C.
Buffer Overflow
D.
Man-in-the-Middle
How to approach this question
Identify the attack that specifically targets databases via input fields.
Full Answer
B.SQL Injection✓ Correct
SQL Injection
SQL Injection (SQLi) occurs when untrusted data is sent to an interpreter as part of a command or query, tricking the interpreter into executing unintended commands.
Common mistakes
Confusing XSS (client-side) with SQLi (server-side database).
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium