MCQ | SQL – Injection

SQL Injection MCQ: This section contains the Multiple-Choice Questions & Answers on SQL Injection.
Submitted by Anushree Goswami, on October 04, 2021

SQL Injection MCQs

1. Which of the following statement is TRUE about SQL Injection?

  1. SQL Injection is an Object Penetration Technique
  2. SQL Injection is a Function Penetration Technique
  3. SQL Injection is a Code Penetration Technique
  4. SQL Injection is a Database Penetration Technique

Answer: C) SQL Injection is a Code Penetration Technique

Explanation:

SQL Injection is a Code Penetration Technique and loss to our database could be caused due to SQL Injection.

Discuss this Question


2. At which of the following stage does SQL Injection occurs?

  1. When the user is asked to logout
  2. When the user is asked to input password
  3. When the user is asked to input captcha
  4. When the user is asked to input username

Answer: D) When the user is asked to input username

Explanation:

SQL Injection occurs when the user is asked to input a username. In replacement of the name or the user ID, a SQL statement is provided by the user.

Discuss this Question


3. Which of the following is the type of SQL Injection attack?

  1. It inserts the data
  2. It updates the data
  3. It deletes the data
  4. All of the above

Answer: D) All of the above

Explanation:

To insert, update and delete the data are all the types of SQL Injection attacks and the attack can be used to modify the cookies to harm the database query of the web application.

Discuss this Question


4. Which of the following is TRUE about the type of SQL Injection attack?

  1. Install malicious program
  2. Export valuable data
  3. Get user login detail
  4. All of the above

Answer: D) All of the above

Explanation:

Types of SQL Injection attack includes the installation of malicious program, exporting of the valuable data and to get the user login details.

Discuss this Question


5. Select the correct statement which will return all the rows from the Table and then also deletes the Table_Add table?

  1. SELECT * FROM Table; DROP TABLE Table_Add
  2. SELECT * WHERE Table; DROP TABLE Table_Add
  3. SELECT * FROM Table; DELETE TABLE Table_Add
  4. SELECT * WHERE Table; DELETE TABLE Table_Add

Answer: A) SELECT * FROM Table; DROP TABLE Table_Add

Explanation:

The correct statement which will return all the rows from the Table and then also deletes the Table_Add table is – SELECT * FROM Table; DROP TABLE Table_Add.

Discuss this Question


6. Through which system, we can detect SQL Injection attacks?

  1. Injection Detection System
  2. Attack Detection System
  3. Intrusion Detection System
  4. None of the above

Answer: C) Intrusion Detection System

Explanation:

Through Intrusion Detection System, we can detect SQL Injection attacks.

Discuss this Question


7. Which of the following is TRUE about Intrusion Detection System?

  1. Intrusion Detection System is Network-based
  2. Intrusion Detection System is Host-based
  3. Both A) and B)
  4. None of the above

Answer: C) Both A) and B)

Explanation:

Intrusion Detection System is both Network-based and Host-based.

Discuss this Question


8. Network-based IDS can be used to monitor –

  1. Web server logs
  2. When something weird occurs
  3. All connections to the database server
  4. None of the above

Answer: C) All connections to the database server

Explanation:

Network-based IDS can be used to monitor all connections to the database server and flags suspicious activities.

Discuss this Question


9. Host-based IDS can be used to monitor –

  1. Web server logs
  2. When something weird occurs
  3. Both A) and B)
  4. None of the above

Answer: C) Both A) and B)

Explanation:

Host-based IDS can be used to monitor the web server logs and when something weird occurs.

Discuss this Question


10. How can we prevent SQL Injection attack?

  1. We should pre-define the input type, input field and length of the user data to validate the input for the user authentication.
  2. Access privileges should be restricted for the users
  3. Administrator accounts should not be used.
  4. All of the above

Answer: D) All of the above

Explanation:

In order to prevent the SQL Injection attack, we should pre-define the input type, input field, and length of the user data to validate the input for the user authentication. Access privileges should be restricted for the users and administrator accounts should not be used.

Discuss this Question





Comments and Discussions!

Load comments ↻





Copyright © 2024 www.includehelp.com. All rights reserved.