SQL Injection Interview Questions

SQL Injection interview questions

Take as many assements as you can to improve your validate your skill rating

Total Questions: 5

1. SQL injection is an attack in which _________ code is inserted into strings that are later passed to an instance of SQL Server.

A. malicious

B. redundant

C. clean

D. non malicious

Correct Answer is : malicious

2. Point out the correct statement :

A. Parameterized data cannot be manipulated by a skilled and determined attacker

B. Procedure that constructs SQL statements should be reviewed for injection vulnerabilities

C. The primary form of SQL injection consists of indirect insertion of code

D. None of the mentioned

Correct Answer is : Procedure that constructs SQL statements should be reviewed for injection vulnerabilities

3. Any user-controlled parameter that gets processed by the application includes vulnerabilities like :

A. Host-related information

B. Browser-related information

C. Application parameters included as part of the body of a POST request

D. All of the mentioned

Correct Answer is : All of the mentioned

4. Point out the wrong statement :

A. SQL injection vulnerabilities occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized

B. SQL injection allows an attacker to access the SQL servers and execute SQL code under the privileges of the user used to connect to the database

C. The use of PL-SQL opens the door to these vulnerabilities

D. None of the mentioned

Correct Answer is : The use of PL-SQL opens the door to these vulnerabilities

5. Which of the stored procedure is used to test SQL injection attack ?

A. xp_write

B. xp_regwrite

C. xp_reg

D. All of the mentioned

Correct Answer is : xp_regwrite

SQL Injection interview questions