[&] What is LDAP injection?
- A strategy to improve LDAP schema design
- A web application vulnerability due to improper input validation
- A method to encrypt LDAP data
- A technique to speed up LDAP queries

[&] How does LDAP injection differ from SQL injection?
- It uses completely different payloads not related to SQL
- It does not require knowledge of the base query language
- It manipulates the structure of LDAP queries rather than SQL queries
- It only affects operating systems, not web applications

[&] Which of the following practices can lead to LDAP injection vulnerabilities?
- Properly encoding special characters
- Implementing thorough input validation
- Using parameterized queries
- Concatenating user input directly into an LDAP query

[&] How can wildcards be exploited in LDAP injection?
- By speeding up query processing and execution time
- By bypassing HTTP-based authentication mechanisms
- By preventing special characters from being utilized effectively
- By closing and manipulating query logic to display all objects

[&] What is an important precaution to take when dealing with LDAP user inputs to prevent injections?
- Regularly update the LDAP server software
- Properly escape special characters in the input
- Implement logging for all LDAP actions
- Always encrypt all LDAP inputs by default

[&] What might an attacker achieve with LDAP injection?
- Improve the application's performance
- Initiate a denial-of-service attack automatically
- Create new user accounts with elevated privileges
- Extract sensitive information from a directory