SQL INJECTION FUNDAMENTALS 3-MySQL Flashcards

1
Q

What is the primary function of a database in a web application?

  • A. Store static HTML pages
  • B. Store and retrieve data related to the web application
  • C. Host the web application
  • D. Manage user sessions
A

Correct Answer: B. Store and retrieve data related to the web application

Explanation: Databases in web applications are used to store and retrieve various types of data, including web content and user information.

2
Q

What is SQL injection (SQLi)?

  • A. A method to enhance database performance
  • B. An attack that allows users to execute unintended SQL queries
  • C. A technique for data backup
  • D. A process to encrypt database queries
A

Correct Answer: B. An attack that allows users to execute unintended SQL queries

Explanation: SQL injection is a security vulnerability that allows attackers to interfere with the queries an application makes to its database.

3
Q

Which of the following is NOT a type of injection vulnerability?

  • A. HTTP injection
  • B. Code injection
  • C. Command injection
  • D. Data injection
A

Correct Answer: D. Data injection

Explanation: Data injection is not commonly listed as a type of injection vulnerability, unlike HTTP, code, and command injection.

4
Q

What is a common method attackers use to exploit SQL injection vulnerabilities?

  • A. Encrypting SQL queries
  • B. Injecting a single quote (')
  • C. Using secure coding practices
  • D. Validating user input
A

Correct Answer: B. Injecting a single quote (')

Explanation: Attackers often use single quotes to manipulate the SQL query structure.

5
Q

What can be a significant impact of a successful SQL injection attack?

  • A. Improved website performance
  • B. Enhanced user experience
  • C. Data breaches and unauthorized access
  • D. Better database organization
A

Correct Answer: C. Data breaches and unauthorized access

Explanation: SQL injections can lead to unauthorized access to sensitive data and potential data breaches.

6
Q

How can SQL injection attacks be prevented?

  • A. By using weak passwords
  • B. By allowing direct database access
  • C. Through user input sanitization and validation
  • D. By disabling database backups
A

Correct Answer: C. Through user input sanitization and validation

Explanation: Properly sanitizing and validating user inputs can prevent SQL injection vulnerabilities.

7
Q

What is the purpose of the UNION clause in SQL injection?

  • A. To enhance database security
  • B. To combine the results of multiple queries
  • C. To encrypt database tables
  • D. To delete database records
A

Correct Answer: B. To combine the results of multiple queries

Explanation: The UNION clause allows an attacker to combine results from multiple queries in SQL injection.

8
Q

What type of information can be retrieved through SQL injection?

  • A. Publicly available information
  • B. Sensitive information like user logins and credit card details
  • C. HTML content
  • D. CSS styles
A

Correct Answer: B. Sensitive information like user logins and credit card details

Explanation: SQL injections can expose sensitive information stored in the database.

9
Q

What are stacked queries in the context of SQL injection?

  • A. Queries that are encrypted
  • B. Multiple SQL statements executed in one go
  • C. Queries that enhance database performance
  • D. Queries that prevent SQL injection
A

Correct Answer: B. Multiple SQL statements executed in one go

Explanation: Stacked queries allow multiple SQL commands to be executed in a single query, which can be exploited in SQL injection attacks.

10
Q

Why is user input validation important in preventing SQL injection?

  • A. It improves database performance
  • B. It ensures only intended data is processed
  • C. It simplifies database queries
  • D. It enhances the user interface
A

Correct Answer: B. It ensures only intended data is processed

Explanation: Validating user input ensures that only appropriate and safe data is processed by the database, preventing malicious inputs.

21
Q

What is the primary function of a relational database in a web application?

  • A. To store and serve static content like HTML and CSS files
  • B. To host the web application on a remote server
  • C. To manage and organize dynamic data related to the application
  • D. To provide real-time analytics and data visualization
A

Correct Answer: C. To manage and organize dynamic data related to the application

Explanation: Relational databases are used to store, organize, and manage dynamic data that is crucial for the functioning of web applications.

22
Q

What distinguishes SQL injection from other types of injection attacks?

  • A. It targets web applications using client-side scripts
  • B. It manipulates the SQL queries executed by the database
  • C. It exploits vulnerabilities in the server operating system
  • D. It affects only non-relational databases
A

Correct Answer: B. It manipulates the SQL queries executed by the database

Explanation: SQL injection specifically involves manipulating the SQL queries made to the database, allowing attackers to execute unintended commands.

23
Q

In the context of relational databases, what is the role of a primary key?

  • A. To encrypt sensitive data in the table
  • B. To uniquely identify each record in the table
  • C. To link multiple databases together
  • D. To provide default values for columns
A

Correct Answer: B. To uniquely identify each record in the table

Explanation: A primary key uniquely identifies each record in a table, ensuring that each entry is distinct and can be referenced individually.

24
Q

How can an attacker use the UNION clause in a SQL injection attack?

  • A. To drop database tables
  • B. To combine results from multiple queries into a single result set
  • C. To execute server-side scripts
  • D. To encrypt the database schema
A

Correct Answer: B. To combine results from multiple queries into a single result set

Explanation: The UNION clause in SQL can be exploited to combine the results of multiple queries, potentially revealing unintended data.

25
Q

What is a common defense mechanism against SQL injection attacks?

  • A. Using complex passwords for database access
  • B. Storing all data in encrypted form
  • C. Implementing input validation and parameterized queries
  • D. Limiting the size of database tables
A

Correct Answer: C. Implementing input validation and parameterized queries

Explanation: Input validation and parameterized queries ensure that user inputs are properly sanitized, preventing SQL injection attacks.

26
Q

When using the SELECT statement, how can you limit the number of rows returned by the query?

  • A. By using the DISTINCT keyword
  • B. By specifying a column name in the WHERE clause
  • C. By using the LIMIT clause with a specified number
  • D. By ordering the results in descending order
A

Correct Answer: C. By using the LIMIT clause with a specified number

Explanation: The LIMIT clause restricts the number of rows returned by a SELECT query, which is useful for managing large result sets.

27
Q

What is the purpose of the ORDER BY clause in a SQL query?

  • A. To filter records based on specific conditions
  • B. To sort the result set in ascending or descending order
  • C. To group records with similar values
  • D. To perform mathematical operations on the result set
A

Correct Answer: B. To sort the result set in ascending or descending order

Explanation: The ORDER BY clause is used to sort the records in the result set based on one or more columns, either in ascending or descending order.

28
Q

How can you retrieve only the distinct values from a specific column in a SQL query?

  • A. By using the WHERE clause
  • B. By using the DISTINCT keyword
  • C. By combining multiple SELECT statements
  • D. By setting a default value for the column
A

Correct Answer: B. By using the DISTINCT keyword

Explanation: The DISTINCT keyword is used in SQL to return only distinct (unique) values from a specified column, eliminating duplicates.

29
Q

What is the function of the LIKE clause in SQL?

  • A. To compare values exactly
  • B. To match values against a pattern using wildcards
  • C. To combine results from different tables
  • D. To perform arithmetic operations on columns
A

Correct Answer: B. To match values against a pattern using wildcards

Explanation: The LIKE clause is used in SQL to search for a specified pattern in a column, using wildcards such as % and _ to define the pattern.

30
Q

Why is it important to include the WHERE clause in an UPDATE statement?

  • A. To specify the table to be updated
  • B. To limit the records that will be updated based on a condition
  • C. To ensure all columns are updated
  • D. To define the new values for the columns
A

Correct Answer: B. To limit the records that will be updated based on a condition

Explanation: The WHERE clause is crucial in an UPDATE statement to specify which records should be updated, preventing unintentional changes to all records in the table.

31
Q

What SQL statement would you use to add a new column named ‘email’ to an existing table ‘users’?

  • A. INSERT COLUMN email TO users
  • B. MODIFY TABLE users ADD COLUMN email VARCHAR(255)
  • C. ALTER TABLE users ADD COLUMN email VARCHAR(255)
  • D. UPDATE TABLE users SET COLUMN email VARCHAR(255)
A

Correct Answer: C. ALTER TABLE users ADD COLUMN email VARCHAR(255)

Explanation: The ALTER TABLE statement is used to add, delete, or modify columns in an existing table.

32
Q

In a SQL injection attack, what is the purpose of using the comment symbol (--)?

  • A. To encrypt the query
  • B. To terminate the current SQL statement
  • C. To add a new line in the query
  • D. To specify a condition
A

Correct Answer: B. To terminate the current SQL statement

Explanation: The comment symbol (--) is used to terminate the rest of the SQL query, allowing the attacker to control the execution flow.

33
Q

Which SQL clause is used to filter records based on a specified condition?

  • A. GROUP BY
  • B. ORDER BY
  • C. WHERE
  • D. HAVING
A

Correct Answer: C. WHERE

Explanation: The WHERE clause is used to filter records based on a specified condition in SQL queries.

34
Q

How would you select all users from a table ‘logins’ whose username starts with ‘admin’?

  • A. SELECT * FROM logins WHERE username LIKE 'admin%'
  • B. SELECT * FROM logins WHERE username = 'admin'
  • C. SELECT * FROM logins WHERE username CONTAINS 'admin'
  • D. SELECT * FROM logins WHERE username = 'admin*'
A

Correct Answer: A. SELECT * FROM logins WHERE username LIKE 'admin%'

Explanation: The LIKE clause with the wildcard ‘%’ is used to match any sequence of characters starting with ‘admin’.

35
Q

What is the result of the following query: SELECT 1 = 1 AND 'a' = 'a';

  • A. 1
  • B. 0
  • C. TRUE
  • D. FALSE
A

Correct Answer: A. 1

Explanation: In SQL, 1 represents true. Since both conditions in the AND operator are true, the result is 1.

36
Q

How can you ensure a column ‘user_id’ in a table ‘users’ only contains unique values?

  • A. By using the DISTINCT keyword
  • B. By setting the column as PRIMARY KEY
  • C. By using the UNIQUE constraint
  • D. By setting a default value
A

Correct Answer: C. By using the UNIQUE constraint

Explanation: The UNIQUE constraint ensures that all values in a column are different from each other.

37
Q

What does the following SQL query do: SELECT * FROM logins WHERE username != 'john' AND id > 1;

  • A. Selects all records where the username is ‘john’ and id is greater than 1
  • B. Selects all records where the username is not ‘john’ and id is greater than 1
  • C. Selects all records where the username is ‘john’ or id is greater than 1
  • D. Selects all records where the username is not ‘john’ or id is greater than 1
A

Correct Answer: B. Selects all records where the username is not ‘john’ and id is greater than 1

Explanation: The query filters records based on both conditions using the AND operator.

38
Q

What is the effect of the LIMIT clause in a SQL query?

  • A. It limits the columns that are returned in the result set
  • B. It limits the number of rows that are returned in the result set
  • C. It limits the number of queries that can be run simultaneously
  • D. It limits the execution time of the query
A

Correct Answer: B. It limits the number of rows that are returned in the result set

Explanation: The LIMIT clause restricts the number of rows returned by a query.

39
Q

Which SQL operator would you use to check if a value is within a range of values?

  • A. BETWEEN
  • B. IN
  • C. LIKE
  • D. EXISTS
A

Correct Answer: A. BETWEEN

Explanation: The BETWEEN operator is used to filter the result set within a certain range.

40
Q

How do you rename an existing table ‘old_table’ to ‘new_table’ in SQL?

  • A. UPDATE old_table SET name = 'new_table'
  • B. ALTER TABLE old_table RENAME TO new_table
  • C. RENAME TABLE old_table TO new_table
  • D. MODIFY TABLE old_table TO new_table
A

Correct Answer: C. RENAME TABLE old_table TO new_table

Explanation: The RENAME TABLE statement is used to change the name of an existing table.