Database Questions and Answers – Application Security

Posted on by

This set of Database Multiple Choice Questions & Answers (MCQs) focuses on “Application Security”.

1. In _________________ attacks, the attacker manages to get an application to execute an SQL query created by the attacker.
a) SQL injection
b) SQL
c) Direct
d) Application
View Answer

Answer: a
Explanation: Application security has to deal with several security threats and issues beyond those handled by SQL authorization .
advertisement

2. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
View Answer

Answer: c
Explanation: In such an attack, a malicious user enters code written in a client-side scripting language such as JavaScript or Flash instead of entering a valid name or comment.

3. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
View Answer

Answer: b
Explanation: Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF.

4. Many applications use _________________, where two independent factors are used to identify a user.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
View Answer

Answer: a
Explanation: The two factors should not share a common vulnerability.
advertisement

5. Even with two-factor authentication, users may still be vulnerable to_____________attacks.
a) Radiant
b) Cross attack
c) scripting
d) Man-in-the-middle
View Answer

Answer: d
Explanation: In such attacks, a user attempting to connect to the application is diverted to a fake Web site, which accepts the password from the user, and uses it immediately to authenticate to the original application.

6. A single ______________ further allows the user to be authenticated once, and multiple applications can then verify the user’s identity through an authentication service without requiring reauthentication.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
View Answer

Answer: b
Explanation: Once the user logged in at one site, he does not have to enter his user name and password at other sites that use the same single sign-on service.

7. The ___________________ is a standard for exchanging authentication and authorization information between different security domains, to provide cross-organization single sign-on.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
View Answer

Answer: c
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.
advertisement

8. The __________ standard is an alternative for single sign-on across organizations, and has seen increasing acceptance in recent years.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
View Answer

Answer: a
Explanation: The user’s password and other authentication factors are never revealed to the application, and the user need not register explicitly with the application.

9. _______________ allows a system administrator to associate a function with a relation; the function returns a predicate that must be added to any query that uses the relation.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
View Answer

Answer: d
Explanation: Some database systems provide mechanisms for fine-grained authorization.

10. VPD provides authorization at the level of specific tuples, or rows, of a relation, and is therefore said to be a _____________ mechanism.
a) Row-level authorization
b) Column-level authentication
c) Row-type authentication
d) Authorization security
View Answer

Answer: a
Explanation: Oracle Virtual Private Database (VPD) allows a system administrator to associate a function with a relation.

Sanfoundry Global Education & Learning Series – Database Management System.

advertisement

Deep Dive @ Sanfoundry:

  1. C# Programming Examples on Inheritance
  2. Spring Questions and Answers
  3. SQL Server Questions and Answers
  4. Operating System Questions and Answers
  5. C# Programming Examples on Networking
  6. MongoDB Questions and Answers
  7. MySQL Database Questions and Answers
  8. Oracle Database Questions and Answers
  9. Cryptography and Network Security Questions and Answers
  10. Database Management System Questions and Answers
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He is Linux Kernel Developer and SAN Architect and is passionate about competency developments in these areas. He lives in Bangalore and delivers focused training sessions to IT professionals in Linux Kernel, Linux Debugging, Linux Device Drivers, Linux Networking, Linux Storage & Cluster Administration, Advanced C Programming, SAN Storage Technologies, SCSI Internals and Storage Protocols such as iSCSI & Fiber Channel. Stay connected with him below:
LinkedIn | Facebook | Twitter | Google+