ITN 261 CH 14 SQL INJECTION

Which statement is used to limit data in SQL Server? cmdshell WHERE SELECT to

WHERE

Which command is used to remove a table from a database? cmdshell -drop table REMOVE DROPTABLES drop table

drop table

Which command can be used to access the command prompt in SQL Server? WHERE SELECT xp_cmdshell cmdshell

xp_cmdshell

What can an error message tell an attacker? Success of an attack Failure of an attack Structure of a database All of the above

All of the above

These types of SQL injection attacks are much more time consuming because every time new information is obtained, new statements must be crafted without feedback from the application itself. Hidden Forced Blind Spoofed

Blind

Which of the following is a scripting language? ActiveX Java CGI ASP.NET

CGI

Databases can be a victim of code exploits depending on which of the following? Configuration Vendor Patches Client version

Configuration

SQL injection attacks are aimed at which of the following? Web applications Web servers Databases Database engines

Databases

What type of database has its information spread across many disparate systems? Hierarchical Relational Distributed Flat

Distributed

A blind SQL injection attack is used when which of the following is true? Error messages are not available. The database is not SQL compatible. The database is relational. All of the above.

Error messages are not available.

This database command further refines a query by basing it on grouped fields. HAVING WHERE SELECT MISMATCH

HAVING

Browsers do not display __________. ActiveX Hidden fields Java JavaScri

Hidden fields

In addition to relational databases, there is also what kind of database? Hierarchical SQL ODBC Structured

Hierarchical

Proper input validation can prevent what from occurring? Client-side issues Operating system exploits SQL injection attacks Software failure

Operating system exploits

Which of the following challenges can be solved by firewalls? Protection against buffer overflows Protection against scanning Enforcement of privileges Ability to use nonstandard ports

Protection against scanning

Web applications are used to __________. Provide dynamic content Stream video Apply scripting Implement security controls

Provide dynamic content

What type of database uses multiple tables linked together in complex relationships? Hierarchical Relational Distributed Flat

Relational

Which of the following is another name for a record in a database? Row Column Cell Label

Row

__________ can be used to attack databases. Buffer overflows SQL injection Buffer injection Input validation

SQL injection

__________ is used to audit databases. Ping Ipconfig SQLPing Traceroute

SQLPing