2027) Questions & Answers {Grade A}
100% Correct
Who has stolen large sums of data from the United States? - correct answer China
What does the General Data Protection Regulation (GDPR) essentially say? - correct answer If you want your data removed, a company must do it
"right to be forgotten"
TRUE/FALSE
If you run John the Ripper against a wordlist, and the password is not in that wordlist, John will eventually terminate itself. - correct answer FALSE
John will run forever if password is not in specific word list; keeps trying to find password in the list
What can be used to find what information is publicly available about you? - correct answer Open-source intelligence (OSINT) scans
What is the most common attack with the goal of bulk data extraction? - correct answer SQL injection attacks
With SQL injection, data is tricked to be treated as _________ - correct answer code
What are the SQL injection types? - correct answer SQLi
HTML
BASH/SHELL
XSS
Insider threat (data leak, phishing)
In SQL injection attacks, where does the vulnerability lie? - correct answer In the website app; NOT the DBMS
What is tautology? - correct answer a statement that is true by definition
injects code in one or more conditional statements so that they always evaluate to true (returns everything)
What is used to add additional queries beyond the intended query? - correct answer piggyback/stacked queries
What does this command do?
wget purdue.edu - correct answer downloads the index.html page onto the machine
What should secure coding do? - correct answer — input validation
— output encoding
— authentication & password management
— session management
— access control
— cryptographic practices
— error handling & logging
— data protection
— communication security
— database security
— file management
— memory management