MCQ | SQL – Injection

SQL Injection MCQ: This section contains the Multiple-Choice Questions & Answers on SQL Injection.
Submitted by Anushree Goswami, on October 04, 2021

SQL Injection MCQs

1. Which of the following statement is TRUE about SQL Injection?

SQL Injection is an Object Penetration Technique
SQL Injection is a Function Penetration Technique
SQL Injection is a Code Penetration Technique
SQL Injection is a Database Penetration Technique

Answer: C) SQL Injection is a Code Penetration Technique

Explanation:

SQL Injection is a Code Penetration Technique and loss to our database could be caused due to SQL Injection.

Discuss this Question

2. At which of the following stage does SQL Injection occurs?

When the user is asked to logout
When the user is asked to input password
When the user is asked to input captcha
When the user is asked to input username

Answer: D) When the user is asked to input username

Explanation:

SQL Injection occurs when the user is asked to input a username. In replacement of the name or the user ID, a SQL statement is provided by the user.

Discuss this Question

3. Which of the following is the type of SQL Injection attack?

It inserts the data
It updates the data
It deletes the data
All of the above

Answer: D) All of the above

Explanation:

To insert, update and delete the data are all the types of SQL Injection attacks and the attack can be used to modify the cookies to harm the database query of the web application.

Discuss this Question

4. Which of the following is TRUE about the type of SQL Injection attack?

Install malicious program
Export valuable data
Get user login detail
All of the above

Answer: D) All of the above

Explanation:

Types of SQL Injection attack includes the installation of malicious program, exporting of the valuable data and to get the user login details.

Discuss this Question

5. Select the correct statement which will return all the rows from the Table and then also deletes the Table_Add table?

SELECT * FROM Table; DROP TABLE Table_Add
SELECT * WHERE Table; DROP TABLE Table_Add
SELECT * FROM Table; DELETE TABLE Table_Add
SELECT * WHERE Table; DELETE TABLE Table_Add

Answer: A) SELECT * FROM Table; DROP TABLE Table_Add

Explanation:

The correct statement which will return all the rows from the Table and then also deletes the Table_Add table is – SELECT * FROM Table; DROP TABLE Table_Add.

Discuss this Question

6. Through which system, we can detect SQL Injection attacks?

Injection Detection System
Attack Detection System
Intrusion Detection System
None of the above

Answer: C) Intrusion Detection System

Explanation:

Through Intrusion Detection System, we can detect SQL Injection attacks.

Discuss this Question

7. Which of the following is TRUE about Intrusion Detection System?

Intrusion Detection System is Network-based
Intrusion Detection System is Host-based
Both A) and B)
None of the above

Answer: C) Both A) and B)

Explanation:

Intrusion Detection System is both Network-based and Host-based.

Discuss this Question

8. Network-based IDS can be used to monitor –

Web server logs
When something weird occurs
All connections to the database server
None of the above

Answer: C) All connections to the database server

Explanation:

Network-based IDS can be used to monitor all connections to the database server and flags suspicious activities.

Discuss this Question

9. Host-based IDS can be used to monitor –

Web server logs
When something weird occurs
Both A) and B)
None of the above

Answer: C) Both A) and B)

Explanation:

Host-based IDS can be used to monitor the web server logs and when something weird occurs.

Discuss this Question

10. How can we prevent SQL Injection attack?

We should pre-define the input type, input field and length of the user data to validate the input for the user authentication.
Access privileges should be restricted for the users
Administrator accounts should not be used.
All of the above

Answer: D) All of the above

Explanation:

In order to prevent the SQL Injection attack, we should pre-define the input type, input field, and length of the user data to validate the input for the user authentication. Access privileges should be restricted for the users and administrator accounts should not be used.