Database Questions and Answers – Application Security

This set of Database Multiple Choice Questions & Answers (MCQs) focuses on “Application Security”.

1. In _________________ attacks, the attacker manages to get an application to execute an SQL query created by the attacker.
a) SQL injection
b) SQL
c) Direct
d) Application

Answer: a
Explanation: Application security has to deal with several security threats and issues beyond those handled by SQL authorization.

2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: c
Explanation: In such an attack, a malicious user enters code written in a client-side scripting language such as JavaScript or Flash instead of entering a valid name or comment.

3. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: b
Explanation: Cross-site request forgery is also known as a one-click attack or session riding, and is abbreviated as CSRF or XSRF.

4. Many applications use _________________ where two independent factors are used to identify a user.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: a
Explanation: The two factors should not share a common vulnerability.

5. Even with two-factor authentication, users may still be vulnerable to _____________ attacks.
a) Radiant
b) Cross attack
c) scripting
d) Man-in-the-middle

Answer: d
Explanation: In such attacks, a user attempting to connect to the application is diverted to a fake Web site, which accepts the password from the user, and uses it immediately to authenticate to the original application.

6. A single ______________ further allows the user to be authenticated once, and multiple applications can then verify the user’s identity through an authentication service without requiring reauthentication.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: b
Explanation: Once the user has logged in at one site, he does not have to enter his user name and password at other sites that use the same single sign-on service.

7. The ___________________ is a standard for exchanging authentication and authorization information between different security domains, to provide cross-organization single sign-on.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: c
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.

8. The __________ standard is an alternative for single sign-on across organizations, and has seen increasing acceptance in recent years.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: a
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.

9. _______________ allows a system administrator to associate a function with a relation; the function returns a predicate that must be added to any query that uses the relation.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: d
Explanation: Some database systems provide mechanisms for fine-grained authorization.

10. VPD provides authorization at the level of specific tuples, or rows, of a relation, and is therefore said to be a _____________ mechanism.
a) Row-level authorization
b) Column-level authentication
c) Row-type authentication
d) Authorization security

Answer: a
Explanation: Oracle Virtual Private Database (VPD) allows a system administrator to associate a function with a relation.

Sanfoundry Global Education & Learning Series – Database Management System.

Manish Bhojasia - Founder & CTO at Sanfoundry