Welcome to the Development with SQL Server MCQs Page

Dive deep into the fascinating world of Development with SQL Server with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Development with SQL Server, a crucial aspect of SQL Server. In this section, you will encounter a diverse range of MCQs that cover various aspects of Development with SQL Server, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within SQL Server.

Check out the MCQs below to embark on an enriching journey through Development with SQL Server. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of SQL Server.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Development with SQL Server. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Development with SQL Server MCQs | Page 14 of 14

Explore more Topics under SQL Server

01

SQL Server Basics

02

Data Modification and Constraints

03

Beyond Relational

04

Data Definition Language

05

Data Connectivity

06

Enterprise Data Management

07

Data Security

08

Monitoring and Auditing

09

Performance Tuning and Optimization

10

Business Intelligence and Reporting Services

Q131.

SQL injection is an attack in which _________ code is inserted into strings that are later passed to an instance of SQL Server.

malicious

redundant

clean

non malicious

Discuss

Answer: (a).malicious

Q132.

Point out the correct statement.

Parameterized data cannot be manipulated by a skilled and determined attacker

Procedure that constructs SQL statements should be reviewed for injection vulnerabilities

The primary form of SQL injection consists of indirect insertion of code

None of the mentioned

Discuss

Answer: (b).Procedure that constructs SQL statements should be reviewed for injection vulnerabilities

Q133.

Which of the following script is example of SQL injection attack?

var Shipcity;
ShipCity = Request.form ("ShipCity");
var SQL = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

var Shipcity;
ShipCity = Request.form ("ShipCity");

var Shipcity;
var SQL = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

All of the mentioned

Discuss

Answer: (a).var Shipcity;
ShipCity = Request.form ("ShipCity");
var SQL = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

Q134.

Any user-controlled parameter that gets processed by the application includes vulnerabilities like ___________

Host-related information

Browser-related information

Application parameters included as part of the body of a POST request

All of the mentioned

Discuss

Answer: (d).All of the mentioned

Q135.

Point out the wrong statement.

SQL injection vulnerabilities occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized

SQL injection allows an attacker to access the SQL servers and execute SQL code under the privileges of the user used to connect to the database

The use of PL-SQL opens the door to these vulnerabilities

None of the mentioned

Discuss

Answer: (c).The use of PL-SQL opens the door to these vulnerabilities

Q136.

Which of the stored procedure is used to test the SQL injection attack?

xp_write

xp_regwrite

xp_reg

all of the mentioned

Discuss

Answer: (b).xp_regwrite

Q137.

If xp_cmdshell has been disabled with sp_dropextendedproc, we can simply inject the following code?

sp_addextendedproc ‘xp_cmdshell’,’xp_log70.dll’

sp_addproc ‘xp_cmdshell’,’xp_log70.dll’

sp_addextendedproc ‘xp_cmdshell’,’log70.dll’

none of the mentioned

Discuss

Answer: (a).sp_addextendedproc ‘xp_cmdshell’,’xp_log70.dll’

Q138.

Which of the following code can enable xp_cmdshell?

master..sp_configure 'show advanced options',1
reconfigure
master..sp_configure 'xp_cmdshell',1
reconfigure

master..sp_configure 'show advanced options',1
configure
master..sp_configure 'xp_cmdshell',1
configure

master..sp_reconfigure 'show advanced options',1
reconfigure
master..sp_reconfigure 'xp_cmdshell',1
reconfigure

All of the mentioned

Discuss

Answer: (a).master..sp_configure 'show advanced options',1
reconfigure
master..sp_configure 'xp_cmdshell',1
reconfigure

Q139.

Which of the following script is an example of Quick detection in the SQL injection attack?

SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID

For integer inputs : convert(int,@@version)

IF condition true-part ELSE false-part (S)

SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members

Discuss

Answer: (b).For integer inputs : convert(int,@@version)

Q140.

_______________ is time based SQL injection attack.

Quick detection

Initial Exploitation

Blind SQL Injection

Inline Comments

Discuss

Answer: (c).Blind SQL Injection

Page 14 of 14

Welcome to the Development with SQL Server MCQs Page

Development with SQL Server MCQs | Page 14 of 14

Explore more Topics under SQL Server

SQL Server Basics

Data Modification and Constraints

Beyond Relational

Data Definition Language

Data Connectivity

Enterprise Data Management

Data Security

Monitoring and Auditing

Performance Tuning and Optimization

Business Intelligence and Reporting Services

Suggested Topics

HTML

JavaScript

Computer Graphics

Digital Image Processing (DIP)

Neural Networks

Java Programming

PHP

Object Oriented Programming Using C++

Embedded Systems