Isaca Updated CISA Exam Questions and Answers by malaika

SQL injection attacks exploit vulnerabilities in web applications by inserting malicious SQL code into input fields, such as a search box. This can cause the server to execute unintended commands, often revealing restricted information.

Man-in-the-Middle (Option A):This intercepts communication but does not involve code injection.

Denial of Service (DoS) (Option B):This aims to disrupt service, not extract information.

Cross-Site Scripting (Option D):Involves injecting malicious scripts to execute in a user's browser but does not extract server-side data.

Deep packet inspection (DPI) is a core capability of data loss prevention (DLP) tools that allows the analysis of the content of data packets in transit. This helps detect the unauthorized movement of sensitive data by examining packet-level details.

Network Traffic Logs (Option A):These provide historical data but do not actively detect data in transit.

Data Inventory (Option C):Useful for identifying where sensitive data resides but not for monitoring its movement.

Proprietary Encryption (Option D):Protects data but does not detect unauthorized transmission.