1. Input validation is used to prevent which of the following?
- A) Bad input
- B) Formatting issues
- C) Language issues
- D) SQL injection
2. Web applications are used to __________.
- A) Provide dynamic content
- B) Stream video
- C) Apply scripting
- D) Implement security controls
3. Which of the following challenges can be solved by firewalls?
- A) Protection against buffer overflows
- B) Protection against scanning
- C) Enforcement of privileges
- D) Ability to use nonstandard ports
4. Databases can be a victim of code exploits depending on which of the following?
- A) Configuration
- B) Vendor
- C) Patches
- D) Client version
5. In addition to relational databases, there is also what kind of database?
- A) Hierarchical
- B) SQL
- C) ODBC
- D) Structured
6. Which of the following is a scripting language?
- A) ActiveX
- B) Java
- C) CGI
- D) ASP.NET
7. __________ is used to audit databases.
- A) Ping
- B) Ipconfig
- C) SQLPing
- D) Traceroute
8. Browsers do not display __________.
- A) ActiveX
- B) Hidden fields
- C) Java
- D) JavaScript
9. Proper input validation can prevent what from occurring?
- A) Client-side issues
- B) Operating system exploits
- C) SQL injection attacks
- D) Software failure
10. __________ can be used to attack databases.
- A) Buffer overflows
- B) SQL injection
- C) Buffer injection
- D) Input validation
11. Which command can be used to access the command prompt in SQL Server?
- A) WHERE
- B) SELECT
- C) xp_cmdshell
- D) cmdshell
12. Which command is used to query data in SQL Server?
- A) cmdshell
- B) WHERE
- C) SELECT
- D) from
13. Which statement is used to limit data in SQL Server?
- A) cmdshell
- B) WHERE
- C) SELECT
- D) to
14. Which command is used to remove a table from a database?
- A) cmdshell –drop table
- B) REMOVE
- C) DROPTABLES
- D) drop table
15. SQL injection attacks are aimed at which of the following?
- A) Web applications
- B) Web servers
- C) Databases
- D) Database engines
16. Which of the following is another name for a record in a database?
- A) Row
- B) Column
- C) Cell
- D) Label
17. What type of database has its information spread across many disparate systems?
- A) Hierarchical
- B) Relational
- C) Distributed
- D) Flat
18. What type of database uses multiple tables linked together in complex relationships?
- A) Hierarchical
- B) Relational
- C) Distributed
- D) Flat
19. What can an error message tell an attacker?
- A) Success of an attack
- B) Failure of an attack
- C) Structure of a database
- D) All of the above
20. A blind SQL injection attack is used when which of the following is true?
- A) Error messages are not available.
- B) The database is not SQL compatible.
- C) The database is relational.
- D) All of the above.