SQL Injection Attacks
Cybersecurity Basics
Defense Strategies
The Enemy
Data Breaches/Attacks

100

What is a SQL Injection attack?

An attack that uses malicious SQL code to manipulate a database.

100

What does "CIA triad" stand for in cybersecurity?

Confidentiality, Integrity, Availability

100

What is a common security practice to limit the damage of a successful attack by restricting user access?

Least privilege

100

What term describes an individual who uses their technical skills to gain unauthorized access to computer systems or networks, often with malicious intent?

Who are hackers?

100

What is the term for the unauthorized access and disclosure of sensitive information?

Data breach

200

What SQL clause is often used in injection attacks to add malicious conditions to a query (e.g., ' OR 1=1)?

The OR clause (a tautology such as OR 1=1 makes the WHERE condition true for every row)
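As an added worked example (not part of the original quiz), the two SQL Injection questions above in runnable form: a lookup that pastes user input into the query text, and the same lookup with a bound parameter. The students table and its rows are constructed here for the demo; the payload is the quiz's own ' OR 1=1 with a trailing comment marker.

```python
"""Added example (not from the original quiz): string-built SQL versus a
bound parameter, exercised with the classic ' OR 1=1 payload."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a tiny in-memory 'students' table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO students VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2"), (3, "carol", "pa55")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, name: str) -> list:
    # The attacker-controlled value is pasted straight into the SQL text, so a
    # quote inside it closes the string literal and changes the query structure:
    #   SELECT * FROM students WHERE name = '' OR 1=1 --'
    sql = f"SELECT * FROM students WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, name: str) -> list:
    # A bound parameter is sent as data: the driver never parses it as SQL,
    # so "' OR 1=1 --" is just an unusual (and non-matching) name.
    sql = "SELECT * FROM students WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> tuple:
    """Run both lookups with the injection payload; returns (vulnerable, safe) rows."""
    conn = make_db()
    payload = "' OR 1=1 --"  # the tautology from the quiz, plus a SQL comment
    return vulnerable_lookup(conn, payload), safe_lookup(conn, payload)


if __name__ == "__main__":
    vuln_rows, safe_rows = demo()
    print("string-built query returned", len(vuln_rows), "rows (all of them)")
    print("parameterized query returned", len(safe_rows), "rows")
```

The vulnerable query dumps the whole table because 1=1 is true for every row and the comment marker discards the dangling quote; the parameterized query returns nothing because no student is literally named ' OR 1=1 --.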

200

What is the term for a program or code that replicates itself and spreads to other computers?

Worm (or virus): self-replicating malware

200

Describe how hashed passwords contribute to security.

Hashing transforms each password into a one-way (irreversible) digest, so even if the database is compromised the actual passwords are not directly revealed; a per-password salt and a deliberately slow hash function are still needed so the digests cannot be guessed offline.
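As an added example (not part of the original quiz), a salted, slow password hash and its verification using only the Python standard library. The iteration count is an assumption chosen for the demo; the stored record holds the salt and digest, never the password itself.

```python
"""Added example (not from the original quiz): salted PBKDF2 password storage."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption for the demo: high enough to slow offline guessing


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = salt or os.urandom(16)  # a fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)  # no plaintext password appears in it
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("Tr0ub4dor&3", record))
```

Because the salt is random, two users with the same password get different records, which defeats precomputed (rainbow) tables; the iteration count makes each guess expensive for an attacker who steals the table.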

200

The risk presented to an organization by current or past employees who know how the organization works and what and where the most valuable (or most damaging) information resides.

What is Insider threat?

200

A technique used to deceive individuals into providing sensitive information, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in electronic communication.

What is Phishing?

300

What does SQL stand for - each letter...

Structured Query Language

300

This is a method of transforming data to protect its confidentiality.

Encryption

300

What does Linux command  "sudo" mean?

What is "superuser do" (or "substitute user do")?

300

These are well-run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.

Who are organized crime groups?

300

A type of cyberattack that uses telephone calls and voice messaging to trick individuals into revealing sensitive information.

Vishing

400

SQL is a language used to communicate with: _____

Databases

400

When malicious actors register domain names that are very similar to legitimate websites, but with minor spelling errors or variations.

What is Typosquatting?

400

Describe the 2 parts of Asymmetric Key Encryption.

What is the public key - shared with everyone, used to encrypt or to verify signatures.

What is the private key - kept secret by its owner (the keypair creator), used to decrypt or to sign.

400

This type of malicious software often spreads by attaching itself to legitimate programs.

Virus

400

Any information that can be used to identify an individual, such as name, address, social security number, etc.

What is personally identifiable information (PII)?

500

What does * in this statement do & what is it called?

  • SELECT * FROM students;

Wildcard - it selects every column of the students table (and, with no WHERE clause, every row)

500

Explain the difference between authentication and authorization.

Authentication verifies who a user is, while authorization determines what they are allowed to do.

500

A secret word or phrase that proves you, and only you, have access to the account.

What is a Password?

500

The weakest link in every computer system: the one person who can, through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.

Who are you? (Who am I?)

500

A type of obfuscation in which a message is hidden inside an image (or another carrier file).

What is Steganography?
