
The SecOps Group CAP Exam - Topic 4 Question 103 Discussion

Actual exam question for The SecOps Group's CAP exam
Question #: 103
Topic #: 4

In the context of NoSQL injection, which of the following is correct?

Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.

Statement B: NoSQL database calls are written in the application's programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).

Suggested Answer: D

Let's evaluate the two statements about NoSQL injection:

Statement A: NoSQL databases (e.g., MongoDB, Cassandra) are designed for scalability and flexibility, often sacrificing strict consistency for performance (e.g., eventual consistency in distributed systems). Unlike traditional SQL databases, they do not enforce rigid relational constraints, which simplifies scaling but does not eliminate the risk of injection attacks. Even without SQL syntax, NoSQL databases are vulnerable to injection if user input is not sanitized (e.g., in MongoDB, injecting $where or $ne operators). This statement is true.

Statement B: NoSQL database queries are typically written in the application's programming language (e.g., JavaScript for MongoDB), using a custom API (e.g., MongoDB's query API), or formatted in standards like JSON, XML, or LINQ. For example, a MongoDB query might look like db.collection.find({ 'key': input }), where input is a JSON-like structure. This statement accurately describes how NoSQL queries are constructed and is true.

Option A ('A is true, and B is false'): Incorrect, as both statements are true.

Option B ('A is false, and B is true'): Incorrect, as both statements are true.

Option C ('Both A and B are false'): Incorrect, as both statements are true.

Option D ('Both A and B are true'): Correct, as both statements accurately describe NoSQL databases and their vulnerability to injection.

The correct answer is D, aligning with the CAP syllabus under 'NoSQL Injection' and 'Database Security.'
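
The db.collection.find({ 'key': input }) pattern from Statement B, shown as an added example (not part of the original question or explanation) with the weak filter construction next to a type-checked one. The function names and sample inputs are constructed for illustration; $eq, $ne and $gt are standard MongoDB query operators. No database is needed to run it.

```javascript
'use strict';

// Recursively collect keys starting with '$' (MongoDB query operators)
// anywhere inside a value that came from user input. Returns dotted paths.
function findOperatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith('$')) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Weak: the parsed request value goes into the filter as-is, so a JSON
// object supplied by the client becomes part of the query structure.
function buildFilterUnsafe(input) {
  return { key: input };
}

// Hardened: only a string is accepted, and it is wrapped in $eq so the
// value can only ever be compared, never interpreted as an operator.
function buildFilterSafe(input) {
  if (typeof input !== 'string') {
    throw new TypeError('key must be a string');
  }
  return { key: { $eq: input } };
}

// Constructed sample inputs, as they would look after JSON body parsing.
const SAMPLE_INPUTS = [
  'alice',
  JSON.parse('{"$ne": null}'),
  JSON.parse('{"a": [{"$gt": ""}]}'),
];

for (const input of SAMPLE_INPUTS) {
  const operators = findOperatorKeys(input);
  let safe;
  try {
    safe = JSON.stringify(buildFilterSafe(input));
  } catch (err) {
    safe = `rejected (${err.message})`;
  }
  console.log(JSON.stringify(buildFilterUnsafe(input)), '| operators:',
    operators.join(',') || 'none', '| hardened:', safe);
}
```

findOperatorKeys is meant for logging or rejecting suspicious request bodies before they reach the data layer; the type check in buildFilterSafe is what actually keeps client data out of the query structure.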


Contribute your Thoughts:
Corrinne
3 days ago
Haha, I bet the exam writer is trying to trick us with this one. Better read those statements carefully!
upvoted 0 times
...
Dominque
8 days ago
Both A and B are true. This question is a good example of the differences between SQL and NoSQL databases when it comes to security considerations.
upvoted 0 times
...
Trevor
14 days ago
I agree with Statement B. NoSQL database calls are typically written in the application's programming language or a custom API, not in traditional SQL syntax.
upvoted 0 times
...
Erick
19 days ago
Statement A is correct. NoSQL databases do provide looser consistency restrictions, which can lead to performance and scaling benefits, but they are still vulnerable to injection attacks.
upvoted 0 times
...
Chanel
24 days ago
I thought NoSQL was less prone to traditional SQL injection, but I guess it can still be vulnerable in other ways. I’m leaning towards A being true.
upvoted 0 times
...
Millie
29 days ago
I practiced a question like this before, and I feel like both statements have some truth, but I can't pinpoint the exact details.
upvoted 0 times
...
Irene
1 month ago
I think Statement B is definitely true since NoSQL queries often use JSON or similar formats, but I can't recall if A is completely accurate.
upvoted 0 times
...
Kristian
1 month ago
I remember studying that NoSQL databases do have looser consistency, but I'm not sure if that makes them more vulnerable to injections.
upvoted 0 times
...
Blondell
1 month ago
I'm a bit confused on this one. I know NoSQL databases have some differences from SQL, but I'm not sure I fully grasp how that impacts injection vulnerabilities. I'll have to review my notes and try to reason through the logic of the statements.
upvoted 0 times
...
Maryln
2 months ago
Injection attacks can happen in any database system, even if the syntax is different. And the flexibility of NoSQL can come with some trade-offs in terms of security. I'm pretty confident that A is correct and B is false.
upvoted 0 times
...
Frankie
2 months ago
Okay, I think I understand the key points here. NoSQL databases are more flexible with consistency, but that doesn't mean they're immune to injection attacks. And the syntax for interacting with them is different from traditional SQL. I'm leaning towards D, but I want to double-check my understanding.
upvoted 0 times
...
Laquita
2 months ago
Hmm, this is a tricky one. I know NoSQL databases are different from SQL, but I'm not sure about the specifics of injection vulnerabilities. I'll have to think this through carefully.
upvoted 0 times
...