- (Exam Topic 1)
Which flaw does an attacker leverage when exploiting SQL injection vulnerabilities?
Correct Answer:
A
SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives(“injects”) you an SQL statement that you will unknowingly run on your database. For example:Look at the following example, which creates a SELECT statement by adding a variable (txtUserId) to a selectstring. The variable is fetched from user input (getRequestString):txtUserId = getRequestString(“UserId”);txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;If user enter something like this: “100 OR 1=1” then the SzQL statement will look like this:SELECT * FROM Users WHERE UserId = 100 OR 1=1;The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. Ahacker might get access to all the user names and passwords in this database.
- (Exam Topic 3)
An organization wants to provide visibility and to identify active threats in its network using a VM. The organization wants to extract metadata from network packet flow while ensuring that payloads are not retained or transferred outside the network. Which solution meets these requirements?
Correct Answer:
B
Reference:
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/LTRSEC-2240-LG2.pdf
- (Exam Topic 3)
Drag and drop the posture assessment flow actions from the left into a sequence on the right.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
What is the process of performing automated static and dynamic analysis of files against preloaded behavioral indicators for threat analysis?
Correct Answer:
C
- (Exam Topic 1)
Which functions of an SDN architecture require southbound APIs to enable communication?
Correct Answer:
A
The Southbound API is used to communicate between Controllers and network devices