Database Questions and Answers – Application Security

This set of Database Multiple Choice Questions & Answers (MCQs) focuses on “Application Security”.

1. In _________________ attacks, the attacker manages to get an application to execute an SQL query created by the attacker.
a) SQL injection
b) SQL
c) Direct
d) Application

Answer: a
Explanation: Application security has to deal with several security threats and issues beyond those handled by SQL authorization.

2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: c
Explanation: In such an attack, a malicious user enters code written in a client-side scripting language such as JavaScript or Flash instead of entering a valid name or comment.

3. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: b
Explanation: Cross-site request forgery is also known as a one-click attack or session riding, and is abbreviated as CSRF or XSRF.

4. Many applications use _________________ where two independent factors are used to identify a user.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting

Answer: a
Explanation: The two factors should not share a common vulnerability.

5. Even with two-factor authentication, users may still be vulnerable to _____________ attacks.
a) Radiant
b) Cross attack
c) Scripting
d) Man-in-the-middle

Answer: d
Explanation: In such attacks, a user attempting to connect to the application is diverted to a fake Web site, which accepts the password from the user, and uses it immediately to authenticate to the original application.

6. A single ______________ further allows the user to be authenticated once, and multiple applications can then verify the user’s identity through an authentication service without requiring reauthentication.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: b
Explanation: Once the user has logged in at one site, he does not have to enter his user name and password at other sites that use the same single sign-on service.

7. The ___________________ is a standard for exchanging authentication and authorization information between different security domains, to provide cross-organization single sign-on.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: c
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.

8. The __________ standard is an alternative for single sign-on across organizations, and has seen increasing acceptance in recent years.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: a
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.

9. _______________ allows a system administrator to associate a function with a relation; the function returns a predicate that must be added to any query that uses the relation.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

Answer: d
Explanation: Some database systems provide mechanisms for fine-grained authorization.

10. VPD provides authorization at the level of specific tuples, or rows, of a relation, and is therefore said to be a _____________ mechanism.
a) Row-level authorization
b) Column-level authentication
c) Row-type authentication
d) Authorization security

Answer: a
Explanation: Oracle Virtual Private Database (VPD) allows a system administrator to associate a function with a relation.

Sanfoundry Global Education & Learning Series – Database Management System.

Manish Bhojasia - Founder & CTO at Sanfoundry