Unit 5 Review

The following browser request displays the search results of all fiction books that are available to purchase from an online book store.

https://insecure-website.com/products?category=Fiction

Which of the following browser requests correctly attempts to use a SQL injection to extract additional data from the original request?

Which of the statements is true based on the following query?

SELECT name, occupation FROM Employee WHERE age < 45;

The name of the database is ‘occupation’.

There is a column for Employee in the table.

There is a column for age in the table.

The name of the database is name.

Which is not true according to the following query?

SELECT name FROM Users WHERE id = 90;

Which query will return the entire Gamers table?

Which type of SQL injection attack occurs by adding a condition that is always true to a query to extract additional information from the database?

Some of the best ways to prevent or at least mitigate a SQLi attack are to

A. Keep data separate from commands and queries

B. Use a safe API

C. Reduce the amount of SQL used overall

D. Use server-side input validation

E. Use other SQL controls to prevent mass disclosure of records

F. Avoid leaving any raw SQL in the code G. Have SQL reside behind multiple layers in the code base and not accessible by the site

Which operator means “not equal to” in SQL?

A database is always comprised of

Which term is used to describe the logical structure of a database?

In a database, columns and rows correspond to...