parent
641f24df9d
commit
e2f80b18e2
@ -1,13 +1,15 @@
|
|||||||
{
|
{
|
||||||
"questions": [{
|
"questions": [
|
||||||
|
{
|
||||||
"text": "What is the difference between a prepared statement and a statement?",
|
"text": "What is the difference between a prepared statement and a statement?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Prepared statements are statements with hard-coded parameters.",
|
"1": "Prepared statements are statements with hard-coded parameters.",
|
||||||
"2": "Prepared statements are not stored in the database.",
|
"2": "Prepared statements are not stored in the database.",
|
||||||
"3": "A statement is faster.",
|
"3": "A statement is faster executes faster than a prepared statement.",
|
||||||
"4": "A statement has got values instead of a prepared statement"
|
"4": "A statement includes actual values, whereas a prepared statement uses placeholders."
|
||||||
}
|
}
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"text": "Which one of the following characters is a placeholder for variables?",
|
"text": "Which one of the following characters is a placeholder for variables?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "*",
|
"1": "*",
|
||||||
@ -15,29 +17,33 @@
|
|||||||
"3": "?",
|
"3": "?",
|
||||||
"4": "!"
|
"4": "!"
|
||||||
}
|
}
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"text": "How can prepared statements be faster than statements?",
|
"text": "How can prepared statements be faster than statements?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "They are not static so they can compile better written code than statements.",
|
"1": "Prepared statements are not static, allowing them to be optimized more efficiently than regular statements.",
|
||||||
"2": "Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.",
|
"2": "Prepared statements are compiled once by the database management system and then reused with different inputs, reducing compilation overhead.",
|
||||||
"3": "Prepared statements are stored and wait for input it raises performance considerably.",
|
"3": "Since prepared statements are stored and wait for input, they improve performance significantly.",
|
||||||
"4": "Oracle optimized prepared statements. Because of the minimal use of the databases resources it is faster."
|
"4": "Oracle optimizes prepared statements, making them faster by minimizing the use of database resources."
|
||||||
}
|
}
|
||||||
}, {
|
},
|
||||||
"text": "How can a prepared statement prevent SQL-Injection?",
|
{
|
||||||
|
"text": "How do prepared statements help prevent SQL injection?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Prepared statements have got an inner check to distinguish between input and logical errors.",
|
"1": "Prepared statements have built-in mechanisms to distinguish between user input and SQL logic, preventing malicious manipulation.",
|
||||||
"2": "Prepared statements use the placeholders to make rules what input is allowed to use.",
|
"2": "Prepared statements use placeholders to enforce rules on allowed input, reducing the risk of SQL injection.",
|
||||||
"3": "Placeholders can prevent that the users input gets attached to the SQL query resulting in a seperation of code and data.",
|
"3": "Placeholders prevent user input from being directly appended to the SQL query, ensuring a clear separation between code and data.",
|
||||||
"4": "Prepared statements always read inputs literally and never mixes it with its SQL commands."
|
"4": "Prepared statements treat all user input as literal values, never mixing it with SQL commands."
|
||||||
}
|
}
|
||||||
}, {
|
},
|
||||||
"text": "What happens if a person with malicious intent writes into a register form :Robert); DROP TABLE Students;-- that has a prepared statement?",
|
{
|
||||||
|
"text": "What happens if a person with malicious intent enters the following input into a registration form that uses a prepared statement? Input: Robert); DROP TABLE Students;--",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "The table Students and all of its content will be deleted.",
|
"1": "The Students table and all its data will be deleted.",
|
||||||
"2": "The input deletes all students with the name Robert.",
|
"2": "The input deletes all students named Robert.",
|
||||||
"3": "The database registers 'Robert' and deletes the table afterwards.",
|
"3": "The database registers Robert and then deletes the table.",
|
||||||
"4": "The database registers 'Robert' ); DROP TABLE Students;--'."
|
"4": "The database treats the entire input as a plain string: Robert); DROP TABLE Students;-- without executing it as SQL."
|
||||||
}
|
}
|
||||||
}]
|
}
|
||||||
|
]
|
||||||
}
|
}
|
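Review bot: In "How do prepared statements help prevent SQL injection?" the reworded options 1, 3 and 4 now all describe keeping user input apart from SQL logic, so the intended answer can no longer be told from the distractors; the answer key is not in this file, so I cannot see which option is marked correct. Keep one option on the actual mechanism (the query is parsed with placeholders and the values are bound afterwards) and make the others clearly wrong, for example `"1": "Prepared statements scan each input for SQL keywords and reject it if any are found."`. The last question should also state that the form input is bound through a placeholder, because a prepared statement whose SQL text is built by concatenating the input is still injectable. Separately, option 3 of the first question has a leftover fragment and should read `"3": "A statement executes faster than a prepared statement."`.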
||||||
|
@ -1,19 +1,19 @@
|
|||||||
{
|
{
|
||||||
"questions": [{
|
"questions": [{
|
||||||
"text": "Are trusted websites immune to XSS attacks?",
|
"text": "Is a well known website, like Netflix, immune to XSS attacks?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Yes they are safe because the browser checks the code before executing.",
|
"1": "Yes, they are safe because the browser checks the code before executing.",
|
||||||
"2": "Yes because Google has got an algorithm that blocks malicious code.",
|
"2": "Yes, because Google has got an algorithm that blocks malicious code.",
|
||||||
"3": "No because the script that is executed will break through the defense algorithm of the browser.",
|
"3": "No, because the script that is executed will break through the defense algorithm of the browser.",
|
||||||
"4": "No because the browser trusts the website if it is acknowledged trusted, then the browser does not know that the script is malicious."
|
"4": "No, because the browser trusts the website if it is acknowledged trusted, then the browser does not know that the script is malicious."
|
||||||
}
|
}
|
||||||
}, {
|
}, {
|
||||||
"text": "When do XSS attacks occur?",
|
"text": "When do XSS attacks occur?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Data enters a web application through a trusted source.",
|
"1": "When malicious scripts are injected into a website's server-side code.",
|
||||||
"2": "Data enters a browser application through the website.",
|
"2": "When a user submits sensitive information without encryption.",
|
||||||
"3": "The data is included in dynamic content that is sent to a web user without being validated for malicious content.",
|
"3": "When a website fails to validate or sanitize user input, allowing malicious scripts to be executed in a user's browser.",
|
||||||
"4": "The data is excluded in static content that way it is sent without being validated."
|
"4": "When a website uses outdated SSL/TLS protocols."
|
||||||
}
|
}
|
||||||
}, {
|
}, {
|
||||||
"text": "What are Stored XSS attacks?",
|
"text": "What are Stored XSS attacks?",
|
||||||
@ -27,17 +27,17 @@
|
|||||||
"text": "What are Reflected XSS attacks?",
|
"text": "What are Reflected XSS attacks?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Reflected attacks reflect malicious code from the database to the web server and then reflect it back to the user.",
|
"1": "Reflected attacks reflect malicious code from the database to the web server and then reflect it back to the user.",
|
||||||
"2": "They reflect the injected script off the web server. That occurs when input sent to the web server is part of the request.",
|
"2": "They reflect the injected script off the web server. That occurs when input sent to the web server is part of the response.",
|
||||||
"3": "Reflected attacks reflect from the firewall off to the database where the user requests information from.",
|
"3": "Reflected attacks reflect from the firewall off to the database where the user requests information from.",
|
||||||
"4": "Reflected XSS is an attack where the injected script is reflected off the database and web server to the user."
|
"4": "Reflected XSS is an attack where the injected script is reflected off the database and web server to the user."
|
||||||
}
|
}
|
||||||
}, {
|
}, {
|
||||||
"text": "Is JavaScript the only way to perform XSS attacks?",
|
"text": "Is JavaScript the only way to perform XSS attacks?",
|
||||||
"solutions": {
|
"solutions": {
|
||||||
"1": "Yes you can only make use of tags through JavaScript.",
|
"1": "Yes, you can only make use of tags through JavaScript.",
|
||||||
"2": "Yes otherwise you cannot steal cookies.",
|
"2": "Yes, otherwise you cannot steal cookies.",
|
||||||
"3": "No there is ECMAScript too.",
|
"3": "No, there is ECMAScript too.",
|
||||||
"4": "No there are many other ways. Like HTML, Flash or any other type of code that the browser executes."
|
"4": "No, there are many other ways. Like HTML, Flash or any other type of code that the browser executes."
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
}
|
}
|
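Review bot: The new option 3 of "When do XSS attacks occur?" presents XSS as an input-validation failure only and drops what the old wording said, namely that the untrusted data is placed into content sent to the user. Input filtering alone is not a reliable defence, so the option should name output handling as well, e.g. `"3": "When a website includes untrusted input in a page without validating or encoding it, so a malicious script runs in the user's browser."`. In the first question the text now asks about a well-known site, but option 4 still argues from a site being "acknowledged trusted"; `"4": "No, because the browser runs whatever script the site delivers and cannot tell an injected script from a legitimate one."` would fit the new wording.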
||||||
|