CompTIA CASP+ Practice Test

A security administrator is concerned about potential vulnerabilities based on a web server log entry. What issue does this log entry indicate?

• A. File inclusion vulnerability
• B. SQL injection attempt
• C. Cross-site scripting attack
• D. Denial of service attack

The correct answer is: SQL injection attempt

The log entry indicates a potential SQL injection attempt because it typically shows patterns or signatures associated with SQL injection attacks. These patterns often involve a web application receiving unvalidated input that includes SQL commands or unexpected characters that the application cannot properly interpret. SQL injection is a prevalent web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. The person reviewing the logs would recognize certain keywords or syntax that are characteristic of this type of attack, such as the inclusion of parts of SQL statements, the use of operators like apostrophes to manipulate query execution, or even specific SQL functions. The context of the log entry is critical. For example, if the log contains an input that appears to be attempting to alter a SQL query—such as inserting statements like “OR 1=1” or using the "--" syntax to comment out parts of the query—this would clearly point towards an SQL injection attempt, thereby confirming the concern raised by the security administrator. In contrast, the other options represent different types of vulnerabilities or attacks that typically involve different patterns in server logs. File inclusion vulnerabilities would be indicated by attempts to include unexpected files; cross-site scripting would show patterns where script tags or JavaScript are being injected; while