CompTIA Security Plus Mock Test Q859

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.
B. NoSQL databases are not vulnerable to SQL injection attacks.
C. NoSQL databases encrypt sensitive information by default.
D. NoSQL databases perform faster than SQL databases on the same hardware.

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
NoSQL is a nonrelational database and does not use SQL. It is therefore not vulnerable to SQL injection attacks but is vulnerable to similar injection-type attacks.

Incorrect Answers:
A: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been
authenticated. This is often accomplished without the user’s knowledge.
C: NoSQL databases do not offer default encryption.
D: NoSQL databases do not offer greater performance on the same hardware but it does offer an advantage for extremely large data structures.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 217, 335
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 230, 232-233