ITN 261 CH 14 SQL INJECTION
Which statement is used to limit data in SQL Server? cmdshell WHERE SELECT to
WHERE
Which command is used to remove a table from a database? cmdshell -drop table REMOVE DROPTABLES drop table
drop table
Which command can be used to access the command prompt in SQL Server? WHERE SELECT xp_cmdshell cmdshell
xp_cmdshell
What can an error message tell an attacker? Success of an attack Failure of an attack Structure of a database All of the above
All of the above
These types of SQL injection attacks are much more time consuming because every time new information is obtained, new statements must be crafted without feedback from the application itself. Hidden Forced Blind Spoofed
Blind
Which of the following is a scripting language? ActiveX Java CGI ASP.NET
CGI
Databases can be a victim of code exploits depending on which of the following? Configuration Vendor Patches Client version
Configuration
SQL injection attacks are aimed at which of the following? Web applications Web servers Databases Database engines
Databases
What type of database has its information spread across many disparate systems? Hierarchical Relational Distributed Flat
Distributed
A blind SQL injection attack is used when which of the following is true? Error messages are not available. The database is not SQL compatible. The database is relational. All of the above.
Error messages are not available.
This database command further refines a query by basing it on grouped fields. HAVING WHERE SELECT MISMATCH
HAVING
Browsers do not display __________. ActiveX Hidden fields Java JavaScript
Hidden fields
In addition to relational databases, there is also what kind of database? Hierarchical SQL ODBC Structured
Hierarchical
Proper input validation can prevent what from occurring? Client-side issues Operating system exploits SQL injection attacks Software failure
Operating system exploits
Which of the following challenges can be solved by firewalls? Protection against buffer overflows Protection against scanning Enforcement of privileges Ability to use nonstandard ports
Protection against scanning
Web applications are used to __________. Provide dynamic content Stream video Apply scripting Implement security controls
Provide dynamic content
What type of database uses multiple tables linked together in complex relationships? Hierarchical Relational Distributed Flat
Relational
Which of the following is another name for a record in a database? Row Column Cell Label
Row
__________ can be used to attack databases. Buffer overflows SQL injection Buffer injection Input validation
SQL injection
__________ is used to audit databases. Ping Ipconfig SQLPing Traceroute
SQLPing