To lower the chance of remote execution attacks, one should:

Use older systems that have been tested

Use Linux if system calls must be made

In regards to Command Execution attacks, sanitization can involve:

Comparing input against known safe characters

Preventing input for system commands

The best ways to protect against command execution include:

Running With Restricted Permissions

How can clickjacking be used to steal a user's password?

By putting a fake login overlay for the username and password field.

By grabbing the credentials when the user clicks "submit"

By recording the keystrokes on said webpage

Making a copy of the user's cookies when they submit the login information

Protecting against CSRF (commonly pronounced “sea-surf”) requires two things:

Non-GET requests can only originate from the client

GET requests are side-effect free

POST requests are side-effect free

What benefit does REST provide?

Ensuring GET requests can only view data

Properly ending a script upon execution

Encodes GET requests so only the server can view information

../ The above is a way of telling a system what

Show all folders in a directory

What is indirection in relation to directory traversal and preventative measures?

Renaming a file to a more secure name and looking up said name when file must be accessed

Relocating the file to a different hard drive away from the web server

Redirecting users to a file through a third party platform, such as Google Drive

What's the difference between (Cross Site Scripted) XSS and Reflected XSS? (More than 1 answer!)

XSS is generally a more permanent/persistent type of attack

Reflected XSS generally relies on user input being sent back to the user as part of the attack

XSS tends to have a wider reach than Reflected XSS

Reflected XSS is more dangerous

What is a URI Fragment?

The first part of a URL (ex: http or https)

The directory of a url excluding the site's name

Any of the breakable components found within a URL

What's the biggest danger with DOM-based XSS attacks?

They can't be detected server-side

They are rare but extremely powerful

Security Through Obscurity (Select two!)

Involves the goal of hiding content as a means of security

Is not a recommended strategy approach

Is a recommended strategy approach

Involves the goal of removing access to non-vital content as a means of security

Access Control Strategies should cover:

Authentication, Authorization, Permission Checking

Authorization, Permission Checking, Sanitation

Authentication, Authorization, Sanitation

Permission Checking, Sanitation, Integrity Validation

Ruby on Rails had a particularly nasty exploit known as Mass Assignment. What was that?

The hacker could use http requests to overwrite protected data

The hacker could assign new passwords to any admin account

The hacker could use http requests to view private data

The hack could reset passwords to any admin account

What was the danger of XcodeGhost?

Developers would inject malicious payloads into their app without ever realizing it

Developers would find their project files suddenly deleted

Developers would find their in-app purchases being distributed to people overseas rather than their bank accounts

Sessions IDs are best passed in what way?

Through the header of a GET request

What happens if you have weak session IDs for your application or site?

They may hijack a user's session

They can steal a user's password

They can delete all of the sessions

The best way to prevent against SQL Injection is:

Using parameterized statements in your code.

Frequently rotating your database passwords.

Moving your database to a separate server.

Hacksplaining

Quiz

•

Computers

•

11th - 12th Grade

•

Practice Problem

•

Hard

Used 13+ times

FREE Resource

41 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

SELECT *
FROM users
WHERE email = 'user@email.com'
AND pass = '' or 1=1--' LIMIT 1

This is an example of...

SQL Injection

Cross Site Scripting

Session Fixation

Broken Access Control

2.

MULTIPLE SELECT QUESTION

1 min • 1 pt

SQL Injection Can Be Used To...

Extract sensitive information

Enumerate the authentication details of users registered on a website

Delete data or drop tables

Inject further malicious code

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

SQL Injection is relatively uncommon nowadays.

True

False

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Programming languages talk to databases through:

Database Drivers

Custom API Requests

Direct Communication

Quantum Relays

5.

MULTIPLE SELECT QUESTION

1 min • 1 pt

What are parameterized statements? (More than 1 answer!)

A method for providing SQL statements in a safe, secure manner

A method for providing SQL statements that is unsafe

The SQL command is passed separately from the data to be executed

The SQL command is passed together with the data to be executed

6.

MULTIPLE SELECT QUESTION

1 min • 1 pt

A website that allows users to embed their own Javascript code will be vulnerable to:

(More than 1 possible answer!)

Cross Site Scripting

Session Hijacking

DDOS

Broken Access Control

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A website converts website names to IP addresses using the nslookup command.

On the website, the hacker types into the box "google.com && echo "Hello"

What is this an example of?

Command Execution

Cross Site Scripting

Broken Access Control

Open Redirects

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

đề cương tin học cuối kì 2 (11)

Quiz

•

11th Grade

40 questions

PRE TEST_OS_MIDTERMS

Quiz

•

12th Grade

40 questions

National 5 Computing Science - Revision 2

Quiz

•

10th - 12th Grade

40 questions

Midterm วิชา การตลาดออนไลน์

Quiz

•

11th Grade

40 questions

ข้อสอบปลายภาควิชาการออกแบบสิ่งพิมพ์

Quiz

•

10th Grade - University

41 questions

Penjelasan Materi ASJ (Email Server dan Database Server)

Quiz

•

11th Grade

40 questions

PHP Programming - Assessment

Quiz

•

9th - 12th Grade

40 questions

[SMP-IX] ASAS 2024 Ganjil

Quiz

•

9th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

Hacksplaining

41 questions

SELECT * FROM users WHERE email = 'user@email.com' AND pass = '' or 1=1--' LIMIT 1This is an example of...

SQL Injection Can Be Used To...

SQL Injection is relatively uncommon nowadays.

Programming languages talk to databases through:

What are parameterized statements? (More than 1 answer!)

A website that allows users to embed their own Javascript code will be vulnerable to: (More than 1 possible answer!)

A website converts website names to IP addresses using the nslookup command. On the website, the hacker types into the box "google.com && echo "Hello"What is this an example of?

To lower the chance of remote execution attacks, one should:

In regards to Command Execution attacks, sanitization can involve:

The best ways to protect against command execution include:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

SELECT *
FROM users
WHERE email = 'user@email.com'
AND pass = '' or 1=1--' LIMIT 1

This is an example of...

A website that allows users to embed their own Javascript code will be vulnerable to:

(More than 1 possible answer!)

A website converts website names to IP addresses using the nslookup command.

On the website, the hacker types into the box "google.com && echo "Hello"

What is this an example of?