Exam GICSP Topic 1 Question 12 Discussion
Actual exam question for GIAC's GICSP exam
Question #: 12
Topic #: 1
Question #: 12
Topic #: 1
For a SQL injection login authentication bypass to work on a website, it will contain a username comparison that the database finds to be true. What else is required for the bypass to work?
Suggested Answer: B Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
SQL injection attacks often exploit the ability to inject SQL code into input fields to alter the logic of database queries. To bypass authentication, attackers often:
Use database comment characters (B) (e.g., -- in many SQL dialects) to ignore the rest of the original query, effectively bypassing the password check.
An unencrypted login page (A) is unrelated to the SQL injection logic.
Two pipe characters (||) (C) are logical OR operators in some databases but not universally required.
The correct password (D) is not required for bypass in SQL injection scenarios.
GICSP training covers SQL injection and defensive coding practices as common ICS web application vulnerabilities.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response OWASP Top 10 and SQL Injection Resources GICSP Training on Web Security Vulnerabilities
SQL injection attacks often exploit the ability to inject SQL code into input fields to alter the logic of database queries. To bypass authentication, attackers often:
Use database comment characters (B) (e.g., -- in many SQL dialects) to ignore the rest of the original query, effectively bypassing the password check.
An unencrypted login page (A) is unrelated to the SQL injection logic.
Two pipe characters (||) (C) are logical OR operators in some databases but not universally required.
The correct password (D) is not required for bypass in SQL injection scenarios.
GICSP training covers SQL injection and defensive coding practices as common ICS web application vulnerabilities.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response OWASP Top 10 and SQL Injection Resources GICSP Training on Web Security Vulnerabilities
by Basil at Feb 13, 2026, 01:00 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).