1. What is SQL Injection?
• A) A method to optimize SQL queries
• B) A technique used to inject malicious SQL statements into an input field
• C) A way to securely store SQL passwords
• D) A method to encrypt SQL database entries
Answer: B) A technique used to inject malicious SQL statements into an input field
2. What is the primary goal of an attacker performing SQL Injection?
• A) To steal user credentials
• B) To execute arbitrary SQL commands to manipulate the database
• C) To crash the database
• D) To cause a denial of service attack
Answer: B) To execute arbitrary SQL commands to manipulate the database
3. Which of the following is a potential impact of a successful SQL Injection attack?
• A) Data theft or unauthorized data modification
• B) Elevation of privileges and access to sensitive information
• C) Corruption of database tables
• D) All of the above
Answer: D) All of the above
4. Which of the following is an example of a vulnerable SQL query exposed to SQL Injection?
• A) SELECT * FROM users WHERE username = 'admin' AND password = 'password';
• B) SELECT * FROM users WHERE username = 'admin' AND password = 'password' OR '1'='1';
• C) SELECT * FROM users WHERE username = ? AND password = ?;
• D) SELECT * FROM users WHERE username = ? AND password = ? AND email = ?;
Answer: B) SELECT * FROM users WHERE username = 'admin' AND password = 'password' OR '1'='1';
5. Which SQL keyword is commonly used in SQL Injection to bypass authentication or validate malicious input?
• A) DROP
• B) UNION
• C) SELECT
• D) INSERT
Answer: B) UNION
6. What type of SQL Injection involves injecting SQL queries through the URL or parameters in a web application?
• A) Blind SQL Injection
• B) Error-based SQL Injection
• C) In-band SQL Injection
• D) Time-based SQL Injection
Answer: C) In-band SQL Injection
7. How can parameterized queries help protect against SQL Injection attacks?
• A) By avoiding the use of complex SQL queries
• B) By ensuring input is treated as data, not executable code
• C) By validating input using regular expressions
• D) By encrypting the database queries
Answer: B) By ensuring input is treated as data, not executable code
8. Which of the following is a form of SQL Injection where an attacker does not receive direct error messages but can infer information from the application's behavior?
• A) Error-based SQL Injection
• B) Blind SQL Injection
• C) Union-based SQL Injection
• D) Time-based SQL Injection
Answer: B) Blind SQL Injection
9. Which technique involves an attacker injecting a SQL query that takes advantage
of error messages to retrieve information about the database structure?
• A) Time-based SQL Injection
• B) Error-based SQL Injection
• C) Blind SQL Injection
• D) Union-based SQL Injection
Answer: B) Error-based SQL Injection
10. Which of the following is a preventive measure against SQL Injection attacks?
• A) Using HTTPS for database communications
• B) Validating and sanitizing all user inputs
• C) Avoiding the use of SQL queries altogether
• D) Disabling error messages on the server
Answer: B) Validating and sanitizing all user inputs