cybersecurity: unit 8 and 9 test
The ultimate goal of SQLi is to
gain control of a web application's database server.
The SQL query: SELECT name, id FROM House; will return
the name and id columns, in that order.
The main unit of data in SQL is a database.
true
The schema is how we define what is stored in a table.
true
Which operator means "not equal to" in SQL?
<>
A database is always comprised of
tables and rows.
Which of the following statements is an example of computer-readable data? - A handwritten note - Brain waves - A physical photograph - A digital spreadsheet
A digital spreadsheet
Which of the following are TRUE about clients? A. Client devices are typically personal computing devices with network software applications installed. B. Clients are very similar to Database Management Systems or DBMSs. C. Client devices request and receive information over the network or Internet. D. Examples of client devices are mobile devices like your smartphone, tablets, iPads, laptops and also desktop computers. E. A client is an electronic system that allows data to be easily accessed, manipulated and updated. F. Client-server applications are programs or apps that run on our client devices that need to access resources from a server.
A, C, D, and F
Developer tools can help with A. Testing and debugging a site or web app. B. Diagnosing problems quickly on a site or web app. C. Building and maintaining a more secure site or web app. D. Modifying site or web app elements and sending the changes back to the server. E. Changing code in real time to see how it impacts the site or web app on the fly.
A, B, C, and E
What happens during a SQLi attack? A. A malicious hacker uses SQL to get the database to reveal its contents. B. Nothing happens as this is an old form of attack and no longer relevant because of newer cybersecurity protocols. C. Malicious SQL statements are placed somewhere within a web page or application's input or URL. D. Hackers can gain access to sensitive data, such as PII, credit card information, and login credentials. E. This is considered a low-level attack and not destructive on a large scale so typically the most an attacker can do is render web pages differently to an end user.
A, C, and D
Developer tools can help with A. Testing and debugging a site or web app. B. Diagnosing problems quickly on a site or web app. C. Building and maintaining a more secure site or web app. D. Modifying site or web app elements and sending the changes back to the server. E. Changing code in real-time to see how it impacts the site or web app on the fly.
All except D.
Using view page source allows you to quickly see the following: A. The HTML that marks up the page B. Images used and their location in a site folder C. Fonts and icons D. Stylesheets E. Server-side scripts that bring in information from a database, such as search engines, forums, etc. F. JavaScript within a <script> element G. JavaScript outside of a <script> element
All except E
Which of the following describe databases: A. They are organized collections of data (e.g., text, images, videos, audio, geospatial, tabular) B. They are an electronic system that allows data to be easily accessed, manipulated and updated C. They are exactly like spreadsheets. D. They are managed with Database Management Systems (DBMS) E. They are like spreadsheets in that they have rows and columns. F. They differ from spreadsheets in that they are organized into tables and can store a lot more data. G. They can be queried with languages like SQL (Structured Query Language)
All except for C
SQLi attacks can allow hackers to gain access to I. Customer data II. Social Security numbers III. Company secrets IV. Intellectual property V. Admin login credentials
All of the above
What kinds of damage can a malicious actor do with a SQLi attack? A. Change passwords B. Reduce prices on ecommerce sites C. Insert users into database table D. Drop database tables entirely E. Create logins
All of the above
When creating passwords for sites and apps, it's important for us to look at what the site requires in terms of password strength. Which of the following shows that the site or app may not have strong enough rules for creating passwords? A. The number of characters required is very low or there is no minimum defined at all. B. Special characters are not allowed to be used in the password. C. The company or organization sends your credentials (username and password) via email at any time, but especially on sign up. D. The company or organization emails a new password. E. The company or organization does not confirm your old password before allowing you to change it.
All of the above
What does it mean for code to be minified?
All of the spaces are removed from the code so that it is unreadable.
When using view page source, it's possible to see the following: A. The HTML that marks up the page B. Images used and their location in a site folder C. Fonts and icons D. Stylesheets E. JavaScript within a <script> element F. JavaScript outside of a <script> element
All of them are true.
Which of the following are TRUE about servers? A. Examples include web servers, mail servers, and file servers. B. They provide resources to client devices. C. They have a one-to-many relationship with clients. D. They can provide multiple resources to multiple clients at one time. E. They typically store files and databases, including more complex applications like Web sites. F. They often feature higher-powered central processors, more memory, and larger disk drives than clients. G. A server computer program or application provides functionality for client programs or devices. H. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients, or performing computation for a client. I. Typical servers are database servers, file servers, mail servers, print servers, web servers, game servers, and application servers.
All of these are true
Applications of the Client-Server Model include: - the World Wide Web - Network Printing - Email
All of these choices
Client-server applications A. are any apps that run on personal devices and need access to resources from a server. B. are distributed resources across multiple apps or devices. C. provide services such as data sharing and web pages. D. include database, file, mail, print, web, and game servers. E. are also known as front-end and back-end applications.
All options are correct
Some of the best ways to prevent or at least mitigate a SQLi attack are to A. Keep data separate from commands and queries B. Use a safe API C. Reduce the amount of SQL used overall D. Use server-side input validation E. Use other SQL controls to prevent mass disclosure of records F. Avoid leaving any raw SQL in the code G. Have SQL reside behind multiple layers in the code base and not accessible by the site
All options are correct.
A natural science museum opened a new display that lets the visitors view animations of a coral reef. The animations show how the health of the coral reef varies based on water temperature, pollution levels, and the number of fish living around the reef. The visitors are able to choose a numerical value for each of the conditions. The exhibit's animations are determined by using a database to look up how healthy the coral reef is at the particular settings the visitor chooses and displaying a corresponding picture. What is the biggest advantage of using an interactive exhibit like this instead of showing a poster with the same information?
By allowing the visitors to interact with the exhibit, the visitors will be able to understand coral reefs better.
In the Chrome Developer Tools, this panel is so useful that it is accessible from every panel.
Console panel
What is the correct hierarchy of elements for a database schema (overall design / organization)?
Database, File (Table), Record, Field
Which query will return the entire Gamers table?
SELECT * FROM Gamers;
Which term is used to describe the logical structure of a database?
Schema
When we inspect an element through developer tools, we are looking at:
The current state of the page after it has been loaded.
What does SQL stand for?
Structured Query Language
Which of the statements is true based on the following query? SELECT name, occupation FROM Employee WHERE age < 45; - The name of the database is 'occupation'. - There is a column for Employee in the table. - There is a column for age in the table. - The name of the database is name.
There is a column for age in the table.
Which is not true according to the following query? SELECT name FROM Users WHERE id = 90;
There is a row for id in the table
Which type of SQL injection attack occurs by adding a condition that is always true to a query to extract additional information from the database?
Union-based SQLi
According to OWASP, there are currently 4 primary defenses against SQLi attacks. Of these, the single most important technique for preventing SQLi is:
Use of prepared statements (with parameterized queries)
Which of the following statements is true about data visualizations? - Visualizing data has only been possible since computers have become widespread. - Visualizations take many forms, from tables to charts to images. - There is always one exact visualization that should be used to show a particular aspect of a dataset. - The only way to extract information from data is by using a visualization.
Visualizations take many forms, from tables to charts to images.
Which of the following statements is NOT a benefit of using computers to process data? - People can use computers to find patterns in data and make predictions. - Computers help people visualize data so that it is easy to extract useful information. - Websites can gather large amounts of personal data without the user knowing. - Computers are able to easily process, manipulate, and display large amounts of data in a short amount of time.
Websites can gather large amounts of personal data without the user knowing.
In the Client-Server Model, the database:
resides on the server side
There are multitudes of different kinds of charts that we commonly use to visualize data. In which of the following would a chart or visualization help to accomplish the accompanying task described? - You want to track the number of times you say "hello" today. - Your school wants to track how many people attend the football games over time throughout the school year. - You are trying to figure out what happens when different colors are mixed. - You need instructions on how to bake a cake.
Your school wants to track how many people attend the football games over time throughout the school year.
The SELECT statement allows you to:
ask for a row or multiple rows from a table in a database.
In a database, columns and rows correspond to
attributes and records.
The following browser request displays the search results of all fiction books that are available to purchase from an online book store. https://insecure-website.com/products?category=Fiction Which of the following browser requests correctly attempts to use a SQL injection to extract additional data from the original request? - https://insecure-website.com/products?category=Fiction' or 1=1-' - https://insecure-website.com/products?category=Fiction' and 1=1' - https://insecure-website.com/products?category=Fiction' where 1=1-' - https://insecure-website.com/products?category=Fiction' display 1=1-'
https://insecure-website.com/products?category=Fiction' or 1=1-'
