Computer Security: Principles and Practice
Exam Questions with Complete Solutions 100%
Verified Newest 2025
Database - ANSWER A structured collection of data stored for use by one or more
applications
Database Management System (DBMS) - ANSWER A suite of programs for constructing
and maintaining the database and for offering ad hoc query facilities to multiple users
and applications
Query Language - ANSWER Provides a uniform interface to the database for users and
applications
Relation - ANSWER A flat table
Tuples - ANSWER Are rows
Attributes - ANSWER Are columns
Primary Key - ANSWER Is a portion of a row to be used to uniquely identify a row in a
table
Foreign Key - ANSWER Creates a relationship between two tables. Appears as attributes
in another table
View - ANSWER A virtual table. The result of a query that returns selected rows and
columns from one or more tables
SQL - ANSWER A query language. Stands for Structured Query Language
SQLi User Input - ANSWER Attackers inject SQL commands via suitably crafted user input
SQLi Server Variables - ANSWER Attackers forge values that are placed in HTTP and
network headers. When the query to log the server variable is issued to the database,
the attack in the forged header is triggered
SQLi Second-order Injection - ANSWER Attack occurs when incomplete prevention
mechanisms against attacks are in place. Malicious user relies on data that is already
present within the system. So when the input modifies the query, it causes an attack
that doesn't come from the user, but the system itself
SQLi Cookies - ANSWER Attacker modifies cookies to create a query based on the
cookies' content
SQLi Physical User Input - ANSWER SQL injection that is made possible by supplying user
inputs that construct an attack outside the realm of web requests. This input could take
many forms, such as barcodes, RFID, or even paper forms which are scanned using
optical character recognition
Inband Attack - ANSWER An attack that uses the same communication for injecting
code and retrieving results
Tautology (Inband) - ANSWER Injects code in one or more conditional statements so
they always evaluate to true to circumvent security measures