Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Arcitura Education S90.19 Exam - Topic 3 Question 20 Discussion

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a Student ID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?
C) XPath injection attack
A) XML parser attack
B) SQL injection attack
D) None of the above

Arcitura Education S90.19 Exam - Topic 3 Question 20 Discussion

Actual exam question for Arcitura Education's S90.19 exam
Question #: 20
Topic #: 3
[All S90.19 Questions]

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a Student ID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Ammie at May 09, 2022, 07:49 AM

Limited Time Offer

25%

Off

Get Premium S90.19 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dottie
7 months ago
No way it's none of the above!
upvoted 0 times
...
Telma
7 months ago
Wait, can an XPath query really be exploited like that?
upvoted 0 times
...
Blondell
8 months ago
Seems like a classic case of XPath manipulation.
upvoted 0 times
...
Celia
8 months ago
I thought it was SQL injection at first.
upvoted 0 times
...
Katheryn
8 months ago
Definitely an XPath injection attack.
upvoted 0 times
...
Socorro
8 months ago
I'm feeling confident about this one. Constructive dismissal is when the employee resigns due to the employer's conduct, so the answer has to be B.
upvoted 0 times
...
Stephaine
8 months ago
I think TCP port 23 is used by Telnet, but I'm not completely sure; it might have been just a quick flashback from a study session.
upvoted 0 times
...
Kenneth
8 months ago
We discussed how lead-time uncertainty definitely plays a role in safety stock calculations, so I lean towards D being the correct answer.
upvoted 0 times
...
Sage
8 months ago
The share-for-share exchange seems like the most straightforward option, but I'll need to double-check the math to make sure it meets the premium requirement.
upvoted 0 times
...
France
8 months ago
The training aspect is definitely something I practiced in case questions. I think everyone needs to be on the same page for these processes to work.
upvoted 0 times
...

Save Cancel