CompTIA PenTest+ Practice Test

Which type of attack can potentially compromise the integrity of an application by injecting untrusted code?

• A. Code Injection
• B. Mime Sniffing
• C. Cross-Site Scripting
• D. SQL Injection

The correct answer is: Code Injection

The type of attack that can potentially compromise the integrity of an application by injecting untrusted code is Code Injection. This form of attack occurs when an attacker is able to insert malicious code into a program or script that is then executed by the server or client application. The consequence is that it can change the intended behavior of the application, leading to data theft, service disruption, or unauthorized access. In the context of web applications, this could allow attackers to run arbitrary commands or even take control of the system. By exploiting input fields or parameters without proper validation or sanitation, attackers can insert code that is executed by the application, thereby compromising its integrity. Other options like Mime Sniffing, Cross-Site Scripting, and SQL Injection, while also potentially harmful, focus on different methodologies and vulnerabilities. Mime Sniffing relates to how browsers interpret content types and does not involve code injection specifically. Cross-Site Scripting is a specific type of code injection where scripts are injected into web pages viewed by other users, but it primarily affects client-side execution rather than altering application code integrity. SQL Injection, on the other hand, specifically targets database queries by injecting malicious SQL code, which, while compromising data integrity, is distinct from the general concept of code