HOD401 Chapter 14
6. Which of the following is a scripting language? A. ActiveX B. Java C. CGI D. ASP.NET
C
1. Input validation is used to prevent which of the following? A. Bad input B. Formatting issues C. Language issues D. SQL injection
A
16. Which of the following is another name for a record in a database? A. Row B. Column C. Cell D. Label
A
2. Web applications are used to __________. A. Provide dynamic content B. Stream video C. Apply scripting D. Implement security controls
A
20. A blind SQL injection attack is used when which of the following is true? A. Error messages are not available. B. The database is not SQL compatible. C. The database is relational. D. All of the above.
A
4. Databases can be a victim of code exploits depending on which of the following? A. Configuration B. Vendor C. Patches D. Client version
A
5. In addition to relational databases, there is also what kind of database? A. Hierarchical B. SQL C. ODBC D. Structured
A
10. __________ can be used to attack databases. A. Buffer overflows B. SQL injection C. Buffer injection D. Input validation
B
13. Which statement is used to limit data in SQL Server? A. cmdshell B. WHERE C. SELECT D. to
B
18. What type of database uses multiple tables linked together in complex relationships? A. Hierarchical B. Relational C. Distributed D. Flat
B
3. Which of the following challenges can be solved by firewalls? A. Protection against buffer overflows B. Protection against scanning C. Enforcement of privileges D. Ability to use nonstandard ports
B
8. Browsers do not display __________. A. ActiveX B. Hidden fields C. Java D. JavaScript
B
9. Proper input validation can prevent what from occurring? A. Client-side issues B. Operating system exploits C. SQL injection attacks D. Software failure
B
12. Which command is used to query data in SQL Server? A. cmdshell B. WHERE C. SELECT D. from
BCD
11. Which command can be used to access the command prompt in SQL Server? A. WHERE B. SELECT C. xp_cmdshell D. cmdshell
C
15. SQL injection attacks are aimed at which of the following? A. Web applications B. Web servers C. Databases D. Database engines
C
17. What type of database has its information spread across many disparate systems? A. Hierarchical B. Relational C. Distributed D. Flat
C
7. __________ is used to audit databases. A. Ping B. Ipconfig C. SQLPing D. Traceroute
C
14. Which command is used to remove a table from a database? A. cmdshell -drop table B. REMOVE C. DROPTABLES D. drop table
D
19. What can an error message tell an attacker? A. Success of an attack B. Failure of an attack C. Structure of a database D. All of the above
D