7.7 Software Security Review

Client-server applications

A. are any apps that run on personal devices and need access to resources from a server. (7.1)
B. are distributed resources across multiple apps or devices.
C. provide services such as data sharing and web pages.
D. include database, file, mail, print, web, and game servers
E. are also known as front-end and back-end applications.

The SQL query: SELECT name, id FROM Employee; will return

(7.3)

What happens during a SQLi attack? (7.5)

A. A malicious actor uses SQL to get the database to reveal its contents.
B. Nothing happens as this is an old form of attack and no longer relevant because of newer cybersecurity protocols.
C. Malicious SQL statements are placed somewhere within a web page or application’s input or URL.
D. Hackers can gain access to sensitive data, such as PII, credit card information, and login credentials.
E. This is considered a low-level attack and not destructive on a large scale so typically the most an attacker can do is render web pages differently to an end user.

Some of the best ways to prevent or at least mitigate a SQLi attack are to (7.6)

A. Keep data separate from commands and queries
B. Use a safe API
C. Reduce the amount of SQL used overall
D. Use server-side input validation
E. Use other SQL controls to prevent mass disclosure of records
F. Avoid leaving any raw SQL in the code
G. Have SQL reside behind multiple layers in the code base and not accessible by the site

Developer tools can help with

A. Testing and debugging a site or web app.
B. Diagnosing problems quickly on a site or web app.
C. Building and maintaining a more secure site or web app.
D. Modifying site or web app elements and sending the changes back to the server.
E. Changing code in real-time to see how it impacts the site or web app on the fly.

A database is always comprised of

(7.2)

In a database, columns and rows correspond to

(7.2)

Which term is used to describe the logical structure of a database?

(7.2)

Which operator means "not equal to” in SQL?