CS 271 (Mr. Cauthen) Test 1 Study Guide
Buffer Overflow includes all of the properties below except:
a) Occurs when the amount of data in the buffer exceeds its storage capacity.
b) Data overflows into adjacent memory locations and corrupts or overwrites the data in those
locations.
c) Occurs when code is reliant on external data to control its behavior or Is dependent on data
properties that are enforced beyond its immediate scope or is so complex that programmers are
not able to predict its behavior accurately.
d) Buffer overflow attacks can only be executed by highly skilled hackers with in-depth
knowledge of low-level programming. - ANS d) Buffer overflow attacks can only be executed by
highly skilled hackers with in-depth knowledge of low-level programming.
Cross Site Scripting (XSS) properties include:
a) For XSS attacks to be successful, an attacker needs to insert and execute malicious content
in a webpage.
b) XSS is only a server-side issue.
c) XSS only affects websites with login functionality.
d) XSS attacks can only steal session cookies. - ANS a) For XSS attacks to be successful, an
attacker needs to insert and execute malicious content in a webpage.
What is true about Cross Site Scripting (XSS) attacks?
a) XSS attacks are only possible in JavaScript.
b) XSS attacks can't be executed on modern web applications.
c) Sanitizing input is enough to prevent all XSS attacks.
d) XSS attacks are a type of injection, in which malicious scripts are injected into otherwise
benign and trusted websites. - ANS d) XSS attacks are a type of injection, in which malicious
scripts are injected into otherwise benign and trusted websites.
What is true about Cross Site Scripting (XSS) attacks?
a) XSS attacks can't be executed through image or video files.
b) Security headers like Content Security Policy (CSP) are ineffective against XSS attacks.
c) XSS attacks can't be used for spamming or mass mailing.
d) XSS attacks occur when an attacker uses a web application to send malicious code,
generally in the form of a browser side script, to a different end user. - ANS d) XSS attacks
occur when an attacker uses a web application to send malicious code, generally in the form of
a browser side script, to a different end user.
,What is true about Cross Site Scripting (XSS) attacks?
a) Using sing XSS, attackers can perform remote code execution on a user's computer, steal
credentials or install malware from redirect websites.
b) Web application firewalls (WAFs) can fully protect against XSS."
c) "Only GET requests can be vulnerable to XSS attacks."
d) "You can't perform XSS attacks on JSON data. - ANS a) Using sing XSS, attackers can
perform remote code execution on a user's computer, steal credentials or install malware from
redirect websites.
What is an SQL injection?
a) A secure method for enhancing database "MYSQL.db"
b) A technique for encrypting sensitive data in a database.
c) A code injection technique that might destroy your database.
d) A method for creating backups of your database. - ANS c) A code injection technique that
might destroy your database.
Which of the following statements about SQL injection is true?
a) SQL injection is a technique that only affects the server's hardware.
b) SQL injection is a method for securing a web application.
c) SQL injection is a rare occurrence in modern web development.
d) SQL injection is one of the most common web hacking techniques. - ANS d) SQL injection is
one of the most common web hacking techniques.
In the realm of web security vulnerabilities, which statement accurately characterizes the
prevalence and significance of SQL injection?
a) SQL injection primarily affects non-relational databases, making it less common in modern
web development.
b) SQL injection is a seldom-encountered issue due to the widespread adoption of advanced
security protocols.
c) SQL injection, though once a prominent threat, has been nearly eradicated in contemporary
web applications.
d) SQL injection is one of the most common web hacking techniques, posing a persistent and
substantial threat to web security. - ANS d) SQL injection is one of the most common web
hacking techniques, posing a persistent and substantial threat to web security.
What best describes an SQL injection?
a) The process of encrypting sensitive data within a database using SQL commands.
b) A technique for optimizing the performance of SQL queries in a web application.
c) An SQL error that occurs when a query lacks proper syntax.
, d) An SQL injection is the placement of malicious code in SQL statements, via web page input. -
ANS d) An SQL injection is the placement of malicious code in SQL statements, via web page
input.
What is the definition of SQL injection in the context of web security?
a) A method to securely transmit data between web servers.
b) A process for optimizing SQL database performance.
c) The act of inserting cookies into web applications.
d) An SQL injection is the placement of malicious code in SQL statements, via web page input. -
ANS d) An SQL injection is the placement of malicious code in SQL statements, via web page
input.
In web security, what precisely is meant by the term "SQL injection"?
A) An approach to safeguarding databases from external threats.
B) A technique for speeding up SQL query execution.
C) The insertion of malicious code into SQL statements through user input.
D) The automation of database backups for data protection. - ANS C) The insertion of
malicious code into SQL statements through user input.
Which of the following accurately characterizes an SQL injection in web security?
a) A means of ensuring the confidentiality of sensitive data.
b) A strategy to enhance website load times.
c) A vulnerability that allows attackers to manipulate SQL queries with malicious input.
d) A mechanism for identifying SQL syntax errors - ANS c) A vulnerability that allows attackers
to manipulate SQL queries with malicious input.
What is the core concept behind an SQL injection attack in web security?
A) Securing databases from unauthorized access.
B) Improving the efficiency of SQL database queries.
C) Exploiting vulnerabilities to insert malicious SQL code via user input.
D) Detecting and resolving SQL syntax errors. - ANS C) Exploiting vulnerabilities to insert
malicious SQL code via user input.
In web security, what does the term "SQL injection" specifically refer to?
a) A technique for safeguarding web applications from external threats.
b) A method for accelerating SQL database transactions.
c) A vulnerability that allows malicious code to be inserted into SQL statements through user
input.
Buffer Overflow includes all of the properties below except:
a) Occurs when the amount of data in the buffer exceeds its storage capacity.
b) Data overflows into adjacent memory locations and corrupts or overwrites the data in those
locations.
c) Occurs when code is reliant on external data to control its behavior or Is dependent on data
properties that are enforced beyond its immediate scope or is so complex that programmers are
not able to predict its behavior accurately.
d) Buffer overflow attacks can only be executed by highly skilled hackers with in-depth
knowledge of low-level programming. - ANS d) Buffer overflow attacks can only be executed by
highly skilled hackers with in-depth knowledge of low-level programming.
Cross Site Scripting (XSS) properties include:
a) For XSS attacks to be successful, an attacker needs to insert and execute malicious content
in a webpage.
b) XSS is only a server-side issue.
c) XSS only affects websites with login functionality.
d) XSS attacks can only steal session cookies. - ANS a) For XSS attacks to be successful, an
attacker needs to insert and execute malicious content in a webpage.
What is true about Cross Site Scripting (XSS) attacks?
a) XSS attacks are only possible in JavaScript.
b) XSS attacks can't be executed on modern web applications.
c) Sanitizing input is enough to prevent all XSS attacks.
d) XSS attacks are a type of injection, in which malicious scripts are injected into otherwise
benign and trusted websites. - ANS d) XSS attacks are a type of injection, in which malicious
scripts are injected into otherwise benign and trusted websites.
What is true about Cross Site Scripting (XSS) attacks?
a) XSS attacks can't be executed through image or video files.
b) Security headers like Content Security Policy (CSP) are ineffective against XSS attacks.
c) XSS attacks can't be used for spamming or mass mailing.
d) XSS attacks occur when an attacker uses a web application to send malicious code,
generally in the form of a browser side script, to a different end user. - ANS d) XSS attacks
occur when an attacker uses a web application to send malicious code, generally in the form of
a browser side script, to a different end user.
,What is true about Cross Site Scripting (XSS) attacks?
a) Using sing XSS, attackers can perform remote code execution on a user's computer, steal
credentials or install malware from redirect websites.
b) Web application firewalls (WAFs) can fully protect against XSS."
c) "Only GET requests can be vulnerable to XSS attacks."
d) "You can't perform XSS attacks on JSON data. - ANS a) Using sing XSS, attackers can
perform remote code execution on a user's computer, steal credentials or install malware from
redirect websites.
What is an SQL injection?
a) A secure method for enhancing database "MYSQL.db"
b) A technique for encrypting sensitive data in a database.
c) A code injection technique that might destroy your database.
d) A method for creating backups of your database. - ANS c) A code injection technique that
might destroy your database.
Which of the following statements about SQL injection is true?
a) SQL injection is a technique that only affects the server's hardware.
b) SQL injection is a method for securing a web application.
c) SQL injection is a rare occurrence in modern web development.
d) SQL injection is one of the most common web hacking techniques. - ANS d) SQL injection is
one of the most common web hacking techniques.
In the realm of web security vulnerabilities, which statement accurately characterizes the
prevalence and significance of SQL injection?
a) SQL injection primarily affects non-relational databases, making it less common in modern
web development.
b) SQL injection is a seldom-encountered issue due to the widespread adoption of advanced
security protocols.
c) SQL injection, though once a prominent threat, has been nearly eradicated in contemporary
web applications.
d) SQL injection is one of the most common web hacking techniques, posing a persistent and
substantial threat to web security. - ANS d) SQL injection is one of the most common web
hacking techniques, posing a persistent and substantial threat to web security.
What best describes an SQL injection?
a) The process of encrypting sensitive data within a database using SQL commands.
b) A technique for optimizing the performance of SQL queries in a web application.
c) An SQL error that occurs when a query lacks proper syntax.
, d) An SQL injection is the placement of malicious code in SQL statements, via web page input. -
ANS d) An SQL injection is the placement of malicious code in SQL statements, via web page
input.
What is the definition of SQL injection in the context of web security?
a) A method to securely transmit data between web servers.
b) A process for optimizing SQL database performance.
c) The act of inserting cookies into web applications.
d) An SQL injection is the placement of malicious code in SQL statements, via web page input. -
ANS d) An SQL injection is the placement of malicious code in SQL statements, via web page
input.
In web security, what precisely is meant by the term "SQL injection"?
A) An approach to safeguarding databases from external threats.
B) A technique for speeding up SQL query execution.
C) The insertion of malicious code into SQL statements through user input.
D) The automation of database backups for data protection. - ANS C) The insertion of
malicious code into SQL statements through user input.
Which of the following accurately characterizes an SQL injection in web security?
a) A means of ensuring the confidentiality of sensitive data.
b) A strategy to enhance website load times.
c) A vulnerability that allows attackers to manipulate SQL queries with malicious input.
d) A mechanism for identifying SQL syntax errors - ANS c) A vulnerability that allows attackers
to manipulate SQL queries with malicious input.
What is the core concept behind an SQL injection attack in web security?
A) Securing databases from unauthorized access.
B) Improving the efficiency of SQL database queries.
C) Exploiting vulnerabilities to insert malicious SQL code via user input.
D) Detecting and resolving SQL syntax errors. - ANS C) Exploiting vulnerabilities to insert
malicious SQL code via user input.
In web security, what does the term "SQL injection" specifically refer to?
a) A technique for safeguarding web applications from external threats.
b) A method for accelerating SQL database transactions.
c) A vulnerability that allows malicious code to be inserted into SQL statements through user
input.
