Details of this Paper

is an area created to protect internal computer networks from the Internet by placing servers




Question;Question 1 (5 points) ____________ is an area created to protect internal computer networks from the Internet by placing servers that are providing web services between two firewalls?one between the web server and the internal network, and one betweenthe web server and the Internet. Question 1 options: DMZ Firewall Domain Safe Zone Question 2 (5 points) What is the major difference between an SQL injection attack and a blind SQL injection attack? Question 2 options: Informational error messages are notdisplayed in blind SQL injection attacks. Informational error messages are displayed in blind SQL injection attacks. Informational error messages are not displayed in SQL injection attacks. Blind SQL injection attacks are faster than SQL injection attacks.Question 3 (5 points) When performing SQL injection attacks against an Oracle database, the attacker can add ____________ statements to an existing statement to cause a second statement to execute. Question 3 options: SELECT SUBSELECT INSERT UNION Question 4 (5 points) Using PL/SQL injection, attackers can potentially elevate their level of privilege from a low-level public account to an account with ____________ privileges. Question 4 options: TNS-level ROOT-level SA-level DBA-level Question 5 (5 points) Hiddendatabase instances can be extracted if the SQL Server is run on port ____________. Question 5 options: 1434(###) ###-####1343 Question 6 (5 points) In Oracle, ____________ access control limits privileges to minimum-required operations and data. Question 6 options:query-level user-level select-level root-level Question 7 (5 points) An attacker can retrieve data by using ____________ messages produced by the SQL Server. Question 7 options: SQL error fingerprint status Question 8 (5 points) ____________ is an Oracle-built user that holds information about the stored outlines. Question 8 options: OUTLN STRD OUTUSR STROUT Question 9 (5 points) This SQL enumeration tool is used to find SQL Server systems and extract their version numbers. Question 9 options: SQLping SQLenum SQLSlammerSQLExtract Question 10 (5 points) This SQL command can be used to retrieve targeted rows and columns by specifying row and column names. Question 10 options: UNION GET stored procedure SELECT Question 11 (5 points) Attackers can crack ____________ passwordsto gain access to SQL Server databases using tools like SQLping, AppDetective, and NGSSQLCrack. Question 11 options: administrator sa root su Question 12 This feature of Microsoft SQL Server, vulnerable to buffer overflow attacks, allows an attacker to runarbitrary code by using a specially crafted request to UDP port 1434. Question 12 options: stored procedure SQL Server Resolution Service SC Sweeping Services OSQL ?L Probing Question 13 Which of the following are recommend best practices for defending againstSQL injection attacks? (Select all that apply.) Question 13 options: Minimize privileges. Use regular expressions. Firewall the SQL Server. Use dynamic SQL. Question 14 Which of the following tools is used in blind SQL injection testing? Question 14 options:SQLping SQLmap SQL injector Absinthe Question 15 What mechanism does MySQL use to prevent SQL injection attacks? Question 15 options: It replaces double quotation marks with escaped single quotation marks. It returns an error when UNION occurs between twocolumns of different types. It replaces single quotation marks with escaped double quotation marks. It replaces single quotation marks with escaped single quotation marks. Question 16 Once an Oracle database server has been traced, the first port of call ismade to the ____________ listener. Question 16 options: SQL TCP TNS PL/SQL Question 17 This is a validation control mechanism that is used to check for SQL-specific metacharacters like single quotation marks or double dashes. Question 17 options: exceptionsstored procedure regular expressions SQL filter Question 18 To help prevent SQL injection attacks, all ____________ should be validated before being transmitted to the server. Question 18 options: TCP packets session IDs user input passwords Question 19 (5points) The Voyager Beta Worm uses default accounts and passwords to attack Oracle servers. First, the worm will attempt to establish a connection to the port where Oracle listens. If Oracle is listening, the Voyager Beta Worm will connect to port ____________.Question 19 options: 1433 1521 445 220 Question 20 (5 points) ____________ is a command-line interface for a Microsoft SQL Server that allows an attacker to execute commands on the underlying operating system, execute SQL queries, and upload files to a remoteserver. SQL_Shell OSQL ?L Probing SQLSmack SQLExecS


Paper#36357 | Written in 18-Jul-2015

Price : $31