RDBMS Questions and Answers – Application Security

«
»

This set of RDBMS Multiple Choice Questions & Answers (MCQs) focuses on “Application Security”.

1. If an attacker manages to get an application to execute an SQL query created by the attacker, then such attacks are called as _________
a) SQL attacks
b) SQL injection attacks
c) SQL usage attack
d) SQL destroyer attack
View Answer

Answer: b
Explanation: If an attacker manages to get an application to execute an SQL query created by the attacker, then such attacks are called as SQL injection attacks.
advertisement

2. An attack on a website that stores and displays text to a user is known as ______ attack
a) SQL attack
b) XSS attack
c) XRP attack
d) None of the mentioned
View Answer

Answer: b
Explanation: An attack on a website that stores and displays text to a user is known as XSS attack. It is called as cross site scripting attack.

3. The URL of the page that had the link that the user clicked to access the page is called as _____
a) Source
b) Linker
c) Leaker
d) Referrer
View Answer

Answer: d
Explanation: The URL of the page that had the link that the user clicked to access the page is called as referrer. The HTTP protocol allows the server to check the referrer.

4. State true or false: Password leakage is a major security problem
a) True
b) False
View Answer

Answer: a
Explanation: Password leakage is a major security problem because the leaked password grants access to malicious visitors.

5. The system where two independent pieces of data are used to identify a user is called as ______
a) Two system authentication
b) ID password authentication
c) Two factor authentication
d) Multi data authentication
View Answer

Answer: c
Explanation: The system where two independent pieces of data are used to identify a user is called as two-factor authentication. The two factors should not share a common vulnerability.
advertisement

6. What are man in the middle attacks?
a) Users are forced to use a second server which causes the attack
b) Users are forced to divert to a fake site where the attack takes place
c) Users are fooled by similar GUI and data is extracted from them.
d) None of the mentioned
View Answer

Answer: b
Explanation: Man in the middle attacks are those attacks in which the users are forced to divert to a fake site where the attack takes place. The fake site is then used to obtain the data from the user.

7. What are phishing attacks?
a) Users are forced to use a second server which causes the attack
b) Users are forced to divert to a fake site where the attack takes place
c) Users are fooled by similar GUI and data is extracted from them.
d) None of the mentioned
View Answer

Answer: c
Explanation: Phishing attacks are those attacks in which users are fooled by similar GUI and data is extracted from them. The fake site is then used to obtain the data from the user.

8. What is the standard for exchanging authentication and authorization information between two different security domains?
a) SABM
b) STML
c) SPTA
d) SAML
View Answer

Answer: d
Explanation: SAML (Security assertion Markup Language) is the standard for exchanging authentication and authorization information between two different security domains. This provides a cross-organization sign-on.

9. A log of all changes to the application data is called as __________
a) Audit trail
b) Audit log
c) Audit lead
d) Data log
View Answer

Answer: a
Explanation: A log of all changes to the application data is called as audit trail. This helps us maintain security as it tracks all the breaches on the system.
advertisement

10. Which of the following is a valid encryption technique?
a) Parallel key encryption
b) Public key encryption
c) Systematic key encryption
d) All of the mentioned
View Answer

Answer: b
Explanation: Out of the given options, only public key encryption is a valid approach to an encryption technique. In this, there are two different keys to encrypt the data.

Sanfoundry Global Education & Learning Series – RDBMS.

To practice all areas of RDBMS, here is complete set of 1000+ Multiple Choice Questions and Answers.

Participate in the Sanfoundry Certification contest to get free Certificate of Merit. Join our social networks below and stay updated with latest contests, videos, internships and jobs!

advertisement
advertisement
advertisement
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He is Linux Kernel Developer & SAN Architect and is passionate about competency developments in these areas. He lives in Bangalore and delivers focused training sessions to IT professionals in Linux Kernel, Linux Debugging, Linux Device Drivers, Linux Networking, Linux Storage, Advanced C Programming, SAN Storage Technologies, SCSI Internals & Storage Protocols such as iSCSI & Fiber Channel. Stay connected with him @ LinkedIn