Module 15 - SQL Injection ( EC Mode ) Flashcards

1
Q

In which of the following SQL injection attacks does an attacker deface a web page, insert malicious content into web pages, or alter the contents of a database?

A. Compromised data integrity

B. Authorization bypass

C. Compromised availability of data

D. Remote code execution

A

Answer: A. Compromised data integrity

2
Q

Which of the following is the result obtained after executing the SQL query "SELECT * FROM User_Data WHERE Email_ID = 'blah' OR 1=1"?

A. Update Table
B. Add New Records
C. Return More Data
D. Identify the Table Name

A

Answer: C. Return More Data

3
Q

A security administrator notices that the log file of the company's webserver contains suspicious entries:

[20/Mar/2011:10:49:07] "GET /login.php?user=test'+oR+3>2%20-- HTTP/1.1" 200 9958
[20/Mar/2011:10:51:02] "GET /login.php?user=admin';%20-- HTTP/1.1" 200 9978

The administrator decides to further investigate and analyze the source code of the login.php file:

<?php
include('../../config/db_connect.php');
$user = $_GET['user'];
$pass = $_GET['pass'];
$sql = "SELECT * FROM USERS WHERE username = '$user' AND password = '$pass'";
$result = mysql_query($sql) or die ("couldn't execute query");

if (mysql_num_rows($result) != 0) echo 'Authentication granted!';
else echo 'Authentication failed!';
?>

Based on the source code analysis provided, the analyst concludes that the login.php script is vulnerable to:

A. SQL injection
B. Command injection
C. LDAP injection
D. Directory traversal

A

Answer: A. SQL injection

4
Q

Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has recently deployed a new Internet-accessible web application. Customers can access their account balances, transfer money between accounts, pay bills, and conduct online financial business using a web browser.

John Stevens is in charge of information security at the Bank of Timbuktu. After one month in production, several customers have complained about the Internet-enabled banking application. Strangely, the account balances of many of the bank’s customers have been changed! However, money has not been removed from the bank; instead, money is transferred between accounts. Given this attack profile, John Stevens reviewed the web application’s logs and found the following entries:

Attempted login of unknown user: johnm

Attempted login of unknown user: susaR

Attempted login of unknown user: sencat

Attempted login of unknown user: pete'';

Attempted login of unknown user: ' or 1=1--

Attempted login of unknown user: '; drop table logins--

Login of user jason, sessionID= 0x75627578626F6F6B

Login of user daniel, sessionID= 0x98627579539E13BE

Login of user rebecca, sessionID= 0x9062757944CCB811

Login of user mike, sessionID= 0x9062757935FB5C64

Transfer Funds user jason

Pay Bill user mike

Logout of user mike

What kind of attack did the hacker attempt to carry out at the bank, based on the given information?

A. The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs.
B. Brute force attack in which the hacker attempted guessing login IDs and passwords from password-cracking tools.
C. The hacker used a generator module to pass results to the webserver and exploited web application CGI vulnerability.
D. The hacker attempted session hijacking, in which the hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID, and took over Jason’s session.

A

Answer: A. The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs.

5
Q

SQL injection attacks do not exploit a specific software vulnerability; instead, they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database.

A. False
B. True

A

Answer: B. True

6
Q

Which of the following system tables does MS SQL Server database use to store metadata that hackers can use to acquire database schema information to further compromise the database?

A. sysdbs
B. sysrows
C. sysobjects
D. syscells

A

Answer: C. sysobjects

7
Q

Which of the following methods carries the requested data to the webserver as a part of the message body?

A. HTTP POST
B. HTTP GET
C. IBM DB2
D. Cold fusion

A

Answer: A. HTTP POST

8
Q

Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code?

A. Traffic analysis
B. Packet analysis
C. Code analysis
D. Data analysis

A

Answer: C. Code analysis

9
Q

An attacker injects the following SQL query:

blah' AND 1=(SELECT COUNT(*) FROM mytable); --

What is the intention of the attacker?

A. Identifying the table name
B. Deleting a table
C. Updating table
D. Adding new records

A

Answer: A. Identifying the table name

10
Q

Identify the reason why web applications are vulnerable to SQL injection attacks.

A. Avoid constructing dynamic SQL with concatenated input values.
B. Tests the content of string variables and accepts only expected values.
C. Error messages reveal important information.
D. Reject entries that contain binary data, escape sequences, and comment characters.

A

Answer: C. Error messages reveal important information.

11
Q

In which of the following attacks does an attacker pose a true or false question to a database to determine whether an application is vulnerable to SQL injection?

A. Blind SQL injection
B. In-band SQL injection
C. Error-based SQL injection
D. Union SQL injection

A

Answer: A. Blind SQL injection

12
Q

In which of the following attacks does an attacker inject an additional malicious query into an original query to make the DBMS execute multiple SQL queries?

A. Tautology
B. System stored procedure
C. Piggybacked query
D. Illegal/logically incorrect query

A

Answer: C. Piggybacked query

13
Q

In one of the following attacks, an attacker uses different communication channels to perform the attack and obtain results. It is difficult to perform as the attacker needs to communicate with a database server and determine the server features used by a web application. Which is this attack?

A. Union SQL injection
B. In-band SQL injection
C. End-of-line comment
D. Out-of-band SQL injection

A

Answer: D. Out-of-band SQL injection

14
Q

What is the main difference between a “Normal” SQL injection and a “Blind” SQL injection vulnerability?

A. The vulnerable application does not display errors with information about the injection results to the attacker.
B. The request to the webserver is not visible to the administrator of the vulnerable application.
C. A successful attack does not show an error message to the administrator of the affected application.
D. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

A

Answer: A. The vulnerable application does not display errors with information about the injection results to the attacker.

15
Q

In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results?

A. Inferential SQL injection
B. In-band SQL injection
C. Out-of-band SQL injection
D. Blind SQL injection

A

Answer: B. In-band SQL injection

16
Q

In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true?

A. End-of-line comment
B. UNION SQL injection
C. Illegal/logically incorrect query
D. Tautology

A

Answer: D. Tautology

17
Q

In which of the following attacks does an attacker inject an additional malicious query to the original query?

A. UNION SQL injection
B. Piggybacked query
C. In-line comment
D. Tautology

A

Answer: B. Piggybacked query

18
Q

Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit?

A. Error-based SQL injection
B. In-band SQL injection
C. Blind SQL injection
D. UNION SQL injection

A

Answer: C. Blind SQL injection

19
Q

Which of the following commands is used to make the CPU wait for a specified amount of time before executing an SQL query?

A. ORDER BY 10--
B. WAITFOR DELAY '0:0:10'--
C. UNION SELECT 1,null,null--
D. GET_HOST_NAME()

A

Answer: B. WAITFOR DELAY '0:0:10'--

20
Q

Which of the following SQL queries is an example of a heavy query used in SQL injection?

A. SELECT * FROM products WHERE id_product=$id_product
B. SELECT Name, Price, Description FROM ITEM_DATA WHERE ITEM_ID = 67 AND 1 = 1
C. SELECT Name, Phone, Address FROM Users WHERE Id=1 UNION ALL SELECT creditCardNumber,1,1 FROM CreditCardTable
D. SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

A

Answer: D. SELECT * FROM products WHERE id=1 AND 1 < SELECT count(*) FROM all_users A, all_users B, all_users C

21
Q

In which of the following attacks does an attacker pose a true or false question to a database to determine whether an application is vulnerable to SQL injection?

A. Union SQL injection
B. Error-based SQL injection
C. In-band SQL injection
D. Blind SQL injection

A

Answer: D. Blind SQL injection

22
Q

Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company’s web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack.
What type of SQL injection attack is Steve most likely performing?

A. Out-of-band SQL Injection
B. Error-based SQL injection
C. Blind SQL injection
D. Union-based SQL injection

A

Answer: C. Blind SQL injection

23
Q

Select all correct answers.

In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections.

A. Time delay
B. Boolean exploitation
C. System-stored procedure
D. Tautology

A

Answer: A. Time delay, B. Boolean exploitation

24
Q

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table?

A. UNION SQL injection
B. Tautology
C. In-line comments
D. Piggybacked query

A

Answer: A. UNION SQL injection

25
Q

In one of the following methods, an attacker attempts to replicate error-free navigation by injecting simple inputs such as ' and '1' = '1 or ' and '1' = '2, forcing an application to generate application errors that reveal information such as table names, column names, and data types. Which is this method?

A. Determining a SELECT query structure
B. Determining the database engine type
C. Parameter tampering
D. Type mismatch

A

Answer: A. Determining a SELECT query structure

26
Q

Which of the following issues can be detected when testers send long strings of junk data, similar to strings for detecting buffer overruns that throw SQL errors on a page?

A. Truncation
B. SQL injection
C. SQL modification
D. Input sanitization

A

Answer: A. Truncation

27
Q

Which of the following SQL injection queries is used by an attacker to extract table column names?

A. http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,column_name,3,4 from DB_NAME.information_schema.columns where table_name ='EMPLOYEE_TABLE'--
B. http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,COLUMN-NAME-1,3,4 from EMPLOYEE_NAME --
C. http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,TABLE_NAME,3,4 from sysobjects where xtype=char(85)--
D. http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,DB_NAME,3,4--

A

Answer: A. http://www.certifiedhacker.com/page.aspx?id=1 UNION SELECT ALL 1,column_name,3,4 from DB_NAME.information_schema.columns where table_name ='EMPLOYEE_TABLE'--

28
Q

In which of the following techniques does an attacker use logical requests such as AND/OR to bypass a firewall?

A. CRLF technique
B. Blind SQL injection
C. Normalization method
D. HPF technique

A

Answer: B. Blind SQL injection

29
Q

In which of the following database technologies is the SQL query [SELECT * FROM syscat.columns WHERE tabname='tablename'] used for column enumeration?

A. MSSQL
B. Oracle
C. MySQL
D. DB2

A

Answer: D. DB2

30
Q

Which of the following operators is used for string concatenation in an Oracle database?

A. " "&" "
B. ' '+' '
C. ' '||'
D. concat(,)

A

Answer: C. ' '||'

31
Q

Which of the following queries is used to create a database account in Microsoft SQL Server?

A. exec sp_addlogin 'victor', 'Pass123' exec sp_addsrvrolemember 'victor', 'sysadmin'
B. INSERT INTO mysql.user (user, host, password) VALUES ('victor', 'localhost', PASSWORD('Pass123'))
C. CREATE USER victor IDENTIFIED BY 'Pass123'
D. CREATE USER victor IDENTIFIED BY Pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users; GRANT CONNECT TO victor; GRANT RESOURCE TO victor;

A

Answer: A. exec sp_addlogin 'victor', 'Pass123' exec sp_addsrvrolemember 'victor', 'sysadmin'

32
Q

Which of the following countermeasures allows developers to protect PL/SQL code from SQL injection attacks?

A. Maximize user inputs to dynamic SQL
B. Always use single quotes
C. Make use of bind parameters in dynamic SQL
D. Never sanitize user inputs before including them in dynamic SQL statements

A

Answer: C. Make use of bind parameters in dynamic SQL

33
Q

Which of the following MSSQL queries allows an attacker to perform column enumeration on a target database?

A. SELECT * FROM syscat.columns WHERE tabname='tablename'
B. SELECT * FROM all_tab_columns WHERE table_name='tablename'
C. SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename')
D. SELECT attnum,attname from pg_class, pg_attribute WHERE relname='tablename' AND pg_class.oid=attrelid AND attnum > 0

A

Answer: C. SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename')

34
Q

Identify in which stage of the SQL injection methodology Shea is right now.

A. Information gathering and SQL injection vulnerability detection
B. Launch SQL injection attacks
C. Exploit second-order SQL injection
D. Perform blind SQL injection

A

Answer: A. Information gathering and SQL injection vulnerability detection

35
Q

William has been hired by the ITSec, Inc. to perform web application security testing. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances?

A. Semicolon
B. Single quote
C. Right square bracket
D. Double quote

A

Answer: B. Single quote, D. Double quote

36
Q

David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. Which of the following functions does David need to use to process the time delays without using the processor resources of the server?

A. benchmark()
B. mysql_query()
C. addcslashes()
D. sleep()

A

Answer: D. sleep()

37
Q

Which of the following tools does an attacker use to perform SQL injection exploitation through techniques such as union and blind SQL exploitation and bypass certain IPS/IDS rules with generic filters?

A. China Chopper
B. Weevely
C. Mole
D. Astra

A

Answer: C. Mole

38
Q

______ is a function used as an IDS evasion technique to inject SQL statements into a MySQL database without using double quotes.

A. CHAR()
B. CHR()
C. CONV()
D. ASCIISTR()

A

Answer: A. CHAR()

39
Q

Which of the following DB2 queries allows an attacker to perform column enumeration on a target database?

A. SELECT * FROM all_tab_columns WHERE table_name='tablename'
B. show columns from tablename
C. SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename') sp_columns tablename
D. SELECT * FROM syscat.columns WHERE tabname='tablename'

A

Answer: D. SELECT * FROM syscat.columns WHERE tabname='tablename'

40
Q

David, a penetration tester, wants to use a function that does not use the processor resources of the server for performing a double blind SQL injection attack on a MySQL database. Which of the following functions should he use?

A. benchmark()
B. mysql_query()
C. addcslashes()
D. sleep()

A

Answer: D. sleep()

41
Q

Which of the following tools is commonly used by attackers for SQL injection exploitation techniques such as union and blind SQL exploitation and to bypass certain IPS/IDS rules with generic filters?

A. China Chopper
B. Astra
C. Weevely
D. Mole

A

Answer: D. Mole

42
Q

In which of the following evasion techniques does an attacker use a WHERE statement that is always evaluated as "true" so that any mathematical or string comparison can be used, such as "' or '1'='1'"?

A. Null byte
B. Case variation
C. Variations
D. Declare variables

A

Answer: C. Variations

43
Q

Which of the following characters is used in an SQL injection query as a wildcard attribute indicator?

A. %
B. #
C. ' or "
D. /…/

A

Answer: A. %

44
Q

Williams, a professional hacker, targeted a web application that uses a MongoDB backend database. He used MongoDB operations such as $eq to create a malicious command to bypass the authentication process and exfiltrate the customers’ data stored in the database. What type of attack did Williams perform in the above scenario?

A. Smurf attack
B. NoSQL injection
C. LDAP injection
D. Command injection

A

Answer: B. NoSQL injection

45
Q

In which of the following database technologies is the SQL query [SELECT * FROM syscat.columns WHERE tabname='tablename'] used for column enumeration?

A. DB2
B. Oracle
C. MySQL
D. MSSQL

A

Answer: A. DB2

46
Q

Which of the following database management systems contains the system table called “MsysObjects”?

A. MS Access
B. MySQL
C. MSSQL
D. Oracle

A

Answer: A. MS Access

47
Q

Shea is a licensed penetration tester who is testing an e-commerce website for SQL injection. After examining and listing all the input fields on the website, she tries to insert a string value in the CVV2 textbox, where a three-digit number is expected, and she ends up with an error message. In which stage of the SQL injection methodology is Shea right now?

A. Information gathering and SQL injection vulnerability detection
B. Exploit second-order SQL injection
C. Perform blind SQL injection
D. Launch SQL injection attacks

A

Answer: A. Information gathering and SQL injection vulnerability detection

48
Q

Which of the following functions can be used by an attacker to link a target SQL server’s database to the attacker’s own machine and retrieve data from the target SQL server database?

A. INTO OUTFILE()
B. CONVERT()
C. OPENROWSET()
D. LOAD_FILE()

A

Answer: A. INTO OUTFILE()

49
Q

William is performing black box penetration testing to test the security of a company’s web applications. He tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances?

A. Double quote
B. Semicolon
C. Single quote
D. Right square bracket

A

Answer: C. Single quote

50
Q

A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company’s time and money?

A. The tester needs to perform static code analysis as it covers the structural and statement coverage testing
B. The tester needs to perform dynamic code analysis as it uncovers bugs in the software system
C. The tester needs to perform dynamic code analysis as it finds and fixes the defects
D. The tester needs to perform static code analysis as it covers the executable file of the code

A

Answer: A. The tester needs to perform static code analysis as it covers the structural and statement coverage testing

51
Q

David is a penetration tester who is checking the MySQL database of a company for SQL injection attacks. He is looking for a double blind SQL injection attack and needs to use functions to process time delays. He wants to use a function that does not use the processor resources of the server. Which of the following functions should David use?

A. addcslashes()
B. sleep()
C. mysql_query()
D. benchmark()

A

Answer: B. sleep()

52
Q

Robert, a penetration tester, is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that the web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes?

A. Alternate Encodings
B. Fuzzing Testing
C. Out of Band Exploitation
D. Stored Procedure Injection

A

Answer: B. Fuzzing Testing

53
Q

Williams, a professional hacker, targeted a web application that uses a MongoDB backend database. He employed MongoDB operations such as $eq to create a malicious command using which he could bypass the authentication process and exfiltrate the customers’ data stored in the database.

Which of the following attacks did Williams perform in the above scenario?

A. Smurf attack
B. Command injection
C. NoSQL injection
D. LDAP injection

A

Answer: C. NoSQL injection

54
Q

Which of the following functions can be used by an attacker to link a target SQL server’s database to the attacker’s own machine and retrieve data from the target SQL server database?

A. OPENROWSET()
B. LOAD_FILE()
C. CONVERT()
D. INTO OUTFILE()

A

Answer: A. OPENROWSET()

55
Q

Which of the following practices makes web applications vulnerable to SQL injection attacks?

A. Database server running OS commands
B. Implementing consistent coding standards
C. Firewalling the SQL server
D. Minimizing privileges

A

Answer: A. Database server running OS commands

56
Q

To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks.

A. Ensure that the Web configuration files for each application do not contain sensitive information.
B. Apply input validation only on the client-side.
C. Avoid constructing dynamic SQL with concatenated Input values.
D. Keep untrusted data separate from commands and queries.

A

Answer: A, C, D.

57
Q

Which of the following countermeasures prevents buffer overruns?

A. Keep untrusted data separate from commands and queries.
B. Apply the least privilege rule to run the applications that access the DBMS.
C. Use the most restrictive SQL account types for applications.
D. Test the size and data type of the input and enforce appropriate limits.

A

Answer: D. Test the size and data type of the input and enforce appropriate limits.

58
Q

Which of the following practices makes an organization’s database server vulnerable to SQL injection attacks?

A. Test the contents of string variables and accept only expected values.
B. Use the same database accounts for multiple applications.
C. Never build Transact-SQL statements directly from user input and use stored procedures to validate user input.
D. Reject entries that contain binary data, escape sequences, and comment characters.

A

Answer: B. Use the same database accounts for multiple applications.

59
Q

Which of the following practices helps security professionals protect an organization’s database from SQL injection attacks?

A. Never use a prepared statement to create a parameterized query.
B. Avoid using xp_cmdshell to control the interaction between the SQL server and components of other servers.
C. Enable shell access to the database.
D. Do not isolate the web server by locking it in different domains.

A

Answer: B. Avoid using xp_cmdshell to control the interaction between the SQL server and components of other servers.

60
Q

Which of the following tools is used to build rules that aim to detect SQL injection attacks?

A. Snort
B. SuperScan
C. Masscan
D. Nmap

A

Answer: A. Snort

61
Q

Which of the following commands has to be disabled to prevent exploitation at the OS level?

A. xp_cmdshell
B. cat
C. ping
D. execute

A

Answer: A. xp_cmdshell