
Graded Quiz: Injection Vulnerabilities: Database Essentials and Vulnerabilities (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1

Major risk of OS command injection?

  • Attackers can execute arbitrary OS commands, potentially leading to full system compromise

  • ❌ Bypass authentication

  • ❌ Only access logs

  • ❌ Only view files

Explanation:
OS command injection can give attackers full control over the underlying operating system.


2. Question 2

Why avoid executing OS commands directly?

  • It adds a wide attack surface that can be exploited if inputs are not sanitized

  • ❌ Commands require more complex code

  • ❌ Commands are always slower

  • ❌ Commands are less compatible

Explanation:
Every call that hands a command string to the operating system shell is a place where unsanitized input can turn into an extra command; doing the task with a library function instead (copying a file, resolving a host name) removes that surface entirely.


3. Question 3

Why run applications with least privilege?

  • ❌ Makes app faster

  • ❌ Simplifies code

  • Limits damage by restricting attacker capabilities

  • ❌ Improves OS compatibility

Explanation:
Least privilege minimizes harm even if an attacker exploits a vulnerability.


4. Question 4

Why can shell scripts be risky?

  • ❌ Only risky if large

  • ❌ Can’t execute system commands

  • ❌ Automatically run with elevated privileges

  • They may execute commands based on parameters, which can be malicious if unsanitized

Explanation:
Passing unsanitized user input to shell scripts can execute dangerous commands.


5. Question 5

Importance of using explicit paths for executables?

  • Prevents attackers from placing malicious executables

  • ❌ Simplifies code

  • ❌ Makes system faster

  • ❌ Fixes OS compatibility issues

Explanation:
Invoking an executable by its full path (for example /bin/ls rather than ls) means the program is located without a PATH search, so an attacker who can drop a same-named binary into a directory on PATH cannot get it run in place of the intended one.


6. Question 6

Why use whitelists instead of blacklists?

  • Whitelists clearly define acceptable inputs

  • ❌ Allow more freedom

  • ❌ Easier to implement

  • ❌ Blacklists too restrictive

Explanation:
An allowlist (whitelist) states exactly what valid input looks like and rejects everything else; a blocklist (blacklist) must enumerate every dangerous character, keyword and encoding, and any case it misses is a bypass.


7. Question 7

Key takeaway for preventing OS command injection?

  • ❌ Use advanced shells

  • ❌ Allow user input to define command parameters

  • Use safe library functions and sanitize inputs with whitelists

  • ❌ Use dynamic file paths

Explanation:
Avoid executing OS commands when possible; sanitize all user inputs.
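The following Python block is an added example, not code from the course or the quiz, that shows the points behind Questions 2, 5, 6 and 7 side by side: a command built by string concatenation and handed to the shell, and the hardened form that validates the input against an allowlist, passes an argv list with no shell, and names the executable by its explicit path. The account-name policy, the function names and the "Hello" command are assumptions made for this example; the vulnerable function only runs echo so the injection is visible without doing damage.

```python
import re
import subprocess

# Allowlist for the one value we accept: an account name of letters, digits, '.', '_'
# or '-', starting with a letter or digit so it can never be parsed as a command-line
# option such as "-n" (hypothetical policy chosen for this example).
ACCOUNT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,31}$")


def greet_vulnerable(account: str) -> str:
    """Builds a shell command string from user input: the pattern the quiz warns against.

    shell=True hands the whole string to /bin/sh, so ';', '|', '$(...)' and backticks
    inside `account` are parsed as shell syntax instead of being treated as data.
    """
    cmd = f"echo Hello {account}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def is_valid_account(account: str) -> bool:
    """Allowlist check: True only for a plain account name, False for anything else."""
    return ACCOUNT_RE.fullmatch(account) is not None


def greet_safe(account: str) -> str:
    """Hardened form: allowlisted input, argv list, no shell, explicit executable path."""
    if not is_valid_account(account):
        raise ValueError(f"rejected account name: {account!r}")
    # A list makes each element exactly one argv entry; nothing is re-parsed by a shell.
    # "/bin/echo" is an explicit path, so a malicious "echo" placed earlier in PATH is
    # never picked up. The allowlist above also blocks option-like values such as "-n".
    result = subprocess.run(["/bin/echo", "Hello", account], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    payload = "alice; echo INJECTED"          # constructed attacker input
    print(greet_vulnerable(payload), end="")  # second line "INJECTED" shows the extra command ran
    print("allowlist accepts payload:", is_valid_account(payload))
    print(greet_safe("alice"), end="")
```

Running it shows the vulnerable version printing two lines (the injected `echo` executed as a second command) while the hardened version refuses the same input before any process is started. The argv-list form alone is not enough: without the allowlist, a value such as "-n" would still reach the program as an option, which is why validation and the no-shell call go together.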


8. Question 8

Primary cause of SQL injection?

  • ❌ Lack of indexing

  • ❌ Outdated DB software

  • ❌ Too many joins

  • Improper sanitization of user inputs

Explanation:
SQL injection happens when user input is concatenated into the query text, so the database parses the input as SQL rather than as a value; parameterized queries keep data and code separate.


9. Question 9

NOT recommended for preventing SQL injection?

  • ❌ Using stored procedures

  • Embedding user input directly into SQL queries

  • ❌ Limiting DB permissions

  • ❌ Sanitizing inputs

Explanation:
Directly inserting user input into SQL commands is dangerous.
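The following Python block is an added example, not code from the course or the quiz, illustrating Questions 8 and 9: a login check that embeds user input directly into the SQL string, the same check written as a parameterized query, and an allowlist (Question 6) for the one part of a query that parameters cannot protect, an ORDER BY column name. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the table layout, the sample accounts and the plaintext passwords are assumptions made so the injection stays visible (real systems store password hashes).

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    # Plaintext passwords are used only so the bypass is easy to follow.
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Embeds user input directly into the SQL text (the practice Question 9 marks as NOT recommended).

    Input such as  admin' --  closes the string literal and comments out the password
    test, so the query becomes: ... WHERE username = 'admin'
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: values are bound separately and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Identifiers (table and column names, ORDER BY targets) cannot be bound as parameters,
# so any part of a query that is still built from strings needs an allowlist.
SORTABLE_COLUMNS = {"username"}


def list_users_sorted(conn: sqlite3.Connection, column: str) -> list:
    """Sorts by a caller-chosen column, but only one from the allowlist."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    rows = conn.execute(f"SELECT username FROM users ORDER BY {column}").fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = make_demo_db()
    print(login_vulnerable(conn, "admin' --", "wrong"))        # True: password check commented out
    print(login_vulnerable(conn, "nobody", "' OR '1'='1"))     # True: OR clause makes the WHERE true
    print(login_safe(conn, "admin' --", "wrong"))              # False: quote and -- are just characters
    print(login_safe(conn, "admin", "s3cret"))                 # True: genuine credentials
    print(list_users_sorted(conn, "username"))
```

The two attacker strings succeed against `login_vulnerable` because the database reads them as part of the statement; against `login_safe` the same strings are compared as literal column values and fail. The ORDER BY helper is the caveat practitioners should remember: parameter binding covers values only, so column and table names chosen by a user still need the allowlist approach from Question 6. Limiting the database account's permissions (the other recommended option in Question 9) is a server-side control and is not shown here.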


10. Question 10

Why conduct security audits and code reviews?

  • ❌ Ensure encryption compliance

  • Identify and address injection vulnerabilities

  • ❌ Improve indexing

  • ❌ Disable unnecessary features

Explanation:
Audits catch vulnerabilities early and prevent exploitation.


🧾 Summary Table

Q No. | Correct Answer                             | Key Concept
1     | Full OS compromise                          | OS command injection
2     | OS commands expand attack surface           | Security risk
3     | Limit damage with least privilege           | Privilege principle
4     | Shell scripts can execute malicious input   | Script sanitization
5     | Prevent malicious executables               | Explicit paths
6     | Whitelists define allowed inputs            | Input validation
7     | Use safe functions + sanitize inputs        | OS command safety
8     | Improper input sanitization                 | SQL injection cause
9     | Embedding user input in SQL                 | Bad practice
10    | Identify injection vulnerabilities          | Security audits