Related InterviewSolutions

• Which of the following script is an example of Quick detection in the SQL injection attack?(a) SELECT loginame FROM master..sysprocesses WHERE spid = SPID(b) For integer inputs : convert(int,version)(c) IF condition true-part ELSE false-part (S)(d) SELECT header, txt FROM news UNION ALL SELECT name, pass FROM membersThe question was asked in homework.I would like to ask this question from SQL Injection in chapter Developing with SQL Server of SQL Server
• _______________ is time based SQL injection attack.(a) Quick detection(b) Initial Exploitation(c) Blind SQL Injection(d) Inline CommentsI had been asked this question in an interview for internship.My question is taken from SQL Injection topic in portion Developing with SQL Server of SQL Server
• Point out the wrong statement.(a) SQL injection vulnerabilities occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized(b) SQL injection allows an attacker to access the SQL servers and execute SQL code under the privileges of the user used to connect to the database(c) The use of PL-SQL opens the door to these vulnerabilities(d) None of the mentionedThe question was asked in exam.I need to ask this question from SQL Injection in portion Developing with SQL Server of SQL Server
• Any user-controlled parameter that gets processed by the application includes vulnerabilities like ___________(a) Host-related information(b) Browser-related information(c) Application parameters included as part of the body of a POST request(d) All of the mentionedI have been asked this question in an interview.Question is from SQL Injection in division Developing with SQL Server of SQL Server
• Which of the stored procedure used for dynamic SQL is prone to attacks?(a) xp_executesql(b) executesql(c) sp_execute(d) sp_executesqlI had been asked this question during an internship interview.Enquiry is from Dynamic SQL in section Developing with SQL Server of SQL Server
• Which of the following is a disadvantage of dynamic SQL?(a) Stored procedure can not cache the execution plan for this dynamic query(b) Stored procedure can cache the execution plan for this dynamic query(c) Flexibility in your code that you can not get with standard SQL(d) All of the mentionedThis question was posed to me in an online quiz.This is a very interesting question from Dynamic SQL in section Developing with SQL Server of SQL Server
• The basic syntax for using EXECUTE command is ___________(a) SP_EXECUTE(@SQLStatement)(b) EXEC_SQL(@SQLStatement)(c) EXECUTE(@SQLStatement)(d) All of the mentionedI had been asked this question in an interview for internship.This interesting question is from Dynamic SQL topic in section Developing with SQL Server of SQL Server
• Point out the wrong statement.(a) The @stmt parameter in sp_executesql is a Unicode string containing valid SQL commands(b) The input type @Type is passed as the first parameter to sp_executesql(c) We can specify the parameters for both input and output in sp_executesql(d) None of the mentionedI got this question in semester exam.I would like to ask this question from Dynamic SQL topic in section Developing with SQL Server of SQL Server
• The Dynamic SQL Queries in a variable are __________ until they are executed.(a) Compiled(b) Parsed(c) Checked for errors(d) All of the mentionedI had been asked this question during a job interview.My doubt stems from Dynamic SQL in portion Developing with SQL Server of SQL Server
• Which of the following is a calling syntax for sp_executesql?(a) sp_execute [,, …](b) sp_sql [,, …](c) sp_executesql [,, …](d) sp_executesql [,, …]I had been asked this question by my college director while I was bunking the class.This is a very interesting question from Dynamic SQL topic in division Developing with SQL Server of SQL Server