lab 15 Flashcards

1
Q

What user account name is not present in this SQLi result?

admin
Hack
Morgan
Bob
Pablo
Gordon

A

Morgan

2
Q

Which of the following are column names from the users table of the dvwa database? (Select seven (7) column names)

user_id
avatar
failed_login
comment
first_name
last_login
last_name
name
password
USER

A

user_id
avatar
failed_login
first_name
last_login
last_name
password

2
Q

What is the HTTP referrer in this log record for your first submission of just the number ‘1’ to the SQLi page?

“GET /vulnerabilities/sqli/”
“GET /vulnerabilities/sqli/?id=7&Submit=Sumbit# HTTP/1.1”
“GET /vulnerabilities/xss_r/ HTTP/1.1”
“GET /vulnerabilities/sqli/?id=1&Submit=Sumbit# HTTP/1.1”

A

“GET /vulnerabilities/sqli/”

3
Q

What is the percent-encoding for a single quotation mark?

%3e
%3a
%27
%21

A

%27

4
Q

What could be found in a website’s access log as a representation of a space in an HTTP request? (Select 2)

+ (a plus sign)
%3c
%20
%22

A

+ (a plus sign)
%20

5
Q

Why is the octothorpe after the ‘NULL’ parameter used in this submitted SQLi statement?

end-of-line comment
carriage return and line feed
to append the command to the existing script statement
retrieve certain records from one or more tables.

A

end-of-line comment

6
Q

In SQLi, what is the most important character?

octothorpe
equals
backslash
asterisk
single quote

A

single quote

7
Q

What is the SQL expression used to combine instructions or operations?

INSERT
UNION
SELECT
FROM

A

UNION

8
Q

Which of the following SQLi statements is used to return a result which includes the DBMS details?

’ UNION SELECT @@version, NULL#

’ UNION SELECT table_name, column_name FROM information_schema.columns#

’ UNION SELECT table_schema, table_name FROM information_schema.tables#

’ UNION SELECT user, password FROM users#

A

’ UNION SELECT @@version, NULL#

9
Q

What evidence in a website’s log is most clearly an IoC observable related to SQLi?

percent-encoding
an HTTP referrer
ORDER BY, UNION, SELECT, UPDATE, INSERT, DELETE, or DROP
the HTTP response code of 200

A

ORDER BY, UNION, SELECT, UPDATE, INSERT, DELETE, or DROP

10
Q

What is the first table name discovered from the DVWA database?

A

users

11
Q

What is the second table name discovered from the DVWA database?

A

guestbook
