XML Exam I10-003 Topic 6 Question 56 Discussion

Actual exam question for XML's I10-003 exam

Question #: 56
Topic #: 6

A certain Web application displays user information according to user input via Web browser. The XML data managing user information is as shown in [example xm I] referenced in a separate window.

At this time, the Web application completes the [XQuery] by replacing (1) and (2) with the user input character string, and executes the query.

No character escapes (e.g. convert "<" to "<") are performed for character string input by the user.

Select the query execution result when the user input character string is as follows:

(1) "]/fn:root(),()/a[a="

(2) OK

A<result/>

B<result>
<example>
<data>
<userid>id1</userid>
pass1
<name>name1</name>

add1

</data>
<data>
<userid>id2</userid>
pass2
<name>name2</name>

add2

</data>
</example>
</result>

C<result>
<example>
<data>
<userid>id1</userid>
pass1
<name>name1</name>

add1

</data>
<data>
<userid>id2</userid>
pass2
<name>name2</name>

add2

</data>
</example>

</result>

Dan error occurs

Show Suggested Answer

Suggested Answer: B, F

by Shala at Jan 15, 2025, 04:21 AM

Limited Time Offer

25%

Off

Get Premium I10-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Franklyn

1 months ago

Ah, the age-old dilemma: to sanitize or not to sanitize? That is the question. And the answer is, of course, to sanitize. Unless you're a fan of XML-flavored chaos, that is.

upvoted 0 times

Solange

2 months ago

I'm going with B. I mean, who wouldn't want to see the user information displayed, right? What could possibly go wrong?

upvoted 0 times

Kenny

2 months ago

D, definitely D. An error should occur when the user input is passed directly into the XQuery without any sanitization. That's a classic security flaw waiting to happen.

upvoted 0 times

Kate

2 days ago

C) \n\n\nid1\npass1\nname1\n

add1

\n\n\nid2\npass2\nname2\n

add2

\n\n\n\n

upvoted 0 times

...

Miesha

5 days ago

B) \n\n\nid1\npass1\nname1\n

add1

\n\n\nid2\npass2\nname2\n

add2

\n\n\n

upvoted 0 times

...

Johnna

2 months ago

Wow, this question is really tricky! I'm going to have to think about this one carefully. The lack of character escaping is definitely a concern.

upvoted 0 times

...

I think the correct answer is C. The user input character string contains an XML tag that could be interpreted as part of the XML structure, potentially leading to a security vulnerability known as XML injection.

upvoted 0 times

Lauran

2 months ago

User2

upvoted 0 times

...

Royce

2 months ago

User1

upvoted 0 times

...

Selene

3 months ago

I'm not sure, but I think the correct answer is C.

upvoted 0 times

...

Yuki

3 months ago

I agree with Cristal, the query execution result should be B.

upvoted 0 times

...

Cristal

3 months ago

I think the answer is B.

upvoted 0 times

...

XML Exam I10-003 Topic 6 Question 56 Discussion

Contribute your Thoughts:

Franklyn

Vivienne

Amalia

Solange

Julene

Martina

Kenny

Kate

Miesha

Francesco

Johnna

Gilberto

Lauran

Royce

Selene

Yuki

Cristal