Computer Science - Software Security


What is the correct hierarchy of elements for a database schema (overall design / organization) ? a. Record, Field, Database, File (Table) b. Database, Record, Field, File (Table) c. Database, File (Table), Record, Field d. Database, File (Table), Field, Record

c

In an error-based SQL injection risk a. the site returns an unhandled internal exception b. the site returns errors in the browser that the hacker can use to explore the database more c. the site returns information meant for the developer, but also delivers it to a person's webpage. d. All of the above

d

In the Client-Server Model, the database: a. is downloaded to the client upon request b. is shared by both the client and server c. resides on the client side d. resides on the server side

d

The SELECT statement allows you to a. use the view source page in the developer tools. b. return a TRUE value. c. return a FALSE value. d. ask for a row or multiple rows from a table in a database.

d

In the Chrome Developer Tools, this panel is so useful that it is accessible from every panel. a. Console panel b. Elements panel c. Sources panel d. Application panel

a

The schema is how we define what is stored in a table. a. True b. False

a

During an XSS attack, an attacker exploits a vulnerability within a website or web app that the victim visits, and not the victim directly. a. True b. False

a

In a union-based vulnerability, the malicious actor can add another condition to the SQL injection that's always true. a. True b. False

a

What kinds of damage can a malicious actor do with a SQLi attack? I. Change passwords II. Reduce prices on ecommerce sites III. Insert users into database table IV. Drop database tables entirely V. Create logins a. I, II, III, IV, and V b. V only c. III and IV only d. I only

a

According to OWASP, there are currently 4 primary defenses against SQLi attacks. Of these, the single most important technique for preventing SQLi is a. use of stored procedures b. use of prepared statements (with parameterized queries) c. white list input validation d. Escape all user supplied input

b

The SQL query: SELECT name, id FROM House; will return a. the House table. b. the name and id columns, in that order. c. the id and name columns, in that order. d. no columns.

b

The main unit of data in SQL is a database. a. False b. True

b

Developer tools can help with: I. Testing and debugging a site or web app. II. Diagnosing problems quickly on a site or web app. III. Building and maintaining a more secure site or web app. IV. Modifying site or web app elements and sending the changes back to the server. V. Changing code in real time to see how it impacts the site or web app on the fly. a. I, II, III, IV, and V b. IV only c. I, II, III, and V

c

SQLi attacks can allow hackers to gain access to I. Customer data II. Social Security numbers III. Company secrets IV. Intellectual property V. Admin login credentials a. V only b. I, II, III, and IV c. I, II, III, IV, and V d. I only

c

Which of the following are TRUE about clients? I. Client devices are typically personal computing devices with network software applications installed. II. Clients are very similar to Database Management Systems or DBMSs. III. Client devices request and receive information over the network or Internet. IV. Examples of client devices are mobile devices like your smart phone, tablets, iPads, laptops and also desktop computers. V. A client is an electronic system that allows data to be easily accessed, manipulated and updated. VI. Client-server applications are programs or apps that run on our client devices that need to access resources from a server. a. I, II, III, IV, V, and VI b. II and V c. I, III, IV, and VI d. III and IV only

c

Applications of the Client-Server Model are a. World Wide Web b. Network Printing c. Email d. All of the above

d

During an XSS attack, attackers can perform I. Cookie theft II. Key logging III. Phishing IV. Identity theft a. III only b. IV only c. I and II d. I-IV all

d

What operator means "not equal to" in SQL? a. == b. != c. /= d. <> e. NOT EQUAL

d

When creating passwords for sites and apps, it's important for us to look at what the site requires in terms of password strength. Which of the following shows that the site or app may not have strong enough rules for creating passwords? I. The number of characters required is very low or there is no minimum defined at all. II. Special characters are not allowed to be used in the password. III. The company or organization sends your credentials (username and password) via email at any time, but especially on sign up. IV. The company or organization emails a new password. V. The company or organization does not confirm your old password before allowing you to change it. a. II and IV b. I, III, and V c. I and II only d. I, II, III, IV, and V

d

The ultimate goal of SQLi is to a. gain control of a web application's database server. b. inject a web page with new HTML. c. create a hash digest for any user input. d. overwrite all of the JavaScript on a site or web application.

a

Which of the following are TRUE about servers? I. Examples of servers include web servers, mail servers, and file servers. II. Servers provide resources to client devices. III. Most servers have a one-to-many relationship with clients. IV. A single server can provide multiple resources to multiple clients at one time. V. A server device typically stores files and databases including more complex applications like Web sites. VI. Server devices often feature higher-powered central processors, more memory, and larger disk drives than clients. VII. A server computer program or application provides functionality for client programs or devices. VIII. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients, or performing computation for a client. IX. Typical servers are database servers, file servers, mail servers, print servers, web servers, game servers, and application servers. a. I-IX all b. I, III, V, VII, IX c. II, IV, VI, VIII d. I, II, and III

a

When we inspect an element through developer tools, we are looking at: a. The page as it was intended to work. b. The state of the page before it was loaded. c. The current state of the page while it is being loaded. d. The current state of the page after it has been loaded.

d

What does SQL stand for? a. Standard Query Language b. Structured Query Language c. Sewing Quilts Language d. Structured Question Language

b

Which of the following describe databases: I. They are organized collections of data (e.g., text, images, videos, audio, geospatial, tabular) II. They are an electronic system that allows data to be easily accessed, manipulated and updated III. They are exactly like spreadsheets. IV. They are managed with Database Management Systems (DBMS) V. They are like spreadsheets in that they have rows and columns. VI. They differ from spreadsheets in that they are organized into tables and can store a lot more data. VII. They can be queried with languages like SQL (Structured Query Language) a. I, II, III, IV, V, VI, and VII b. All except III c. I, II, and III d. III, V, and VI

b

A database is always comprised of a. more little databases. b. personally identifying information. c. tables and rows. d. lots of cryptographically stored symbols.

c

What does it mean for code to be minified? a. It's typed in really small font like 6pt. b. It's written only referencing functions contained in a library or API so that you only need to look at the function calls and not the definitions. c. All of the spaces are removed from the code so that it is unreadable.

c

A bad actor or attacker, who is attempting any kind of SQL injection, basically is trying to a. gain access to the site's database contents. b. capture information about the site via a series of queries. c. build up a profile of what is inside the app or web site. d. All of the above

d