security Online Quiz - 21

Number of Questions: 20
Tags: security
  1. During testing

  2. During development

  3. During design

  4. During all phases of application development


Correct Option: D
  1. An insecure J2EE web application

  2. A framework for analyzing applications that communicate using HTTP and HTTPS; its most common use is as an intercepting proxy

  3. Static Source Code Analyser

  4. Penetration Testing Tool


Correct Option: B

Which among the below is a browser based HTTP tampering tool for Firefox browser?

  1. LiveHTTPHeaders

  2. Sqlninja

  3. Bobcat

  4. WebGoat


Correct Option: A

AI Explanation

To answer this question, you need to understand the different tools available for tampering with HTTP requests in a browser.

Option A) LiveHTTPHeaders - This option is correct. LiveHTTPHeaders is a browser-based HTTP tampering tool for the Firefox browser. It allows users to view and manipulate HTTP headers and requests in real-time.

Option B) Sqlninja - This option is incorrect. Sqlninja is not a browser-based HTTP tampering tool. It is a tool used for exploiting SQL injection vulnerabilities.

Option C) Bobcat - This option is incorrect. Bobcat is not a browser-based HTTP tampering tool. It is a tool used for load testing and analyzing the performance of web applications.

Option D) WebGoat - This option is incorrect. WebGoat is not a browser-based HTTP tampering tool. It is a deliberately insecure web application designed to teach web application security lessons.

The correct answer is A) LiveHTTPHeaders. This option is correct because LiveHTTPHeaders is a browser-based HTTP tampering tool for the Firefox browser.

  1. Web Proxy

  2. XSS Scanner

  3. An insecure J2EE web application

  4. None of the above


Correct Option: C
  1. White-box testing is performed by an independent programmer team

  2. Black-box testing uses the bottom-up approach

  3. Black-box testing involves the business units

  4. White-box testing examines the program's internal logical structures


Correct Option: D
  1. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities

  2. They are one and the same

  3. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities

  4. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities


Correct Option: D

The three steps to successful patch management are …

  1. Acquiring, Testing, Installing

  2. Testing, Remediation, Peer Review

  3. Determine needs, Acquire resources, Install the patch

  4. Both A & B


Correct Option: A

The correct way to disable autocomplete in the browser for certain forms is to …

  1. Set autocomplete to “0”

  2. Set autocomplete to “Off”

  3. Set autocomplete to some other value

  4. Set autocomplete to “no-store”


Correct Option: B

AI Explanation

To answer this question, you need to understand how to disable autocomplete in a browser for certain forms. Let's go through each option to understand why it is correct or incorrect:

Option A) Set autocomplete to "0" - This option is incorrect because the correct attribute value to disable autocomplete is "off", not "0".

Option B) Set autocomplete to "Off" - This option is correct because setting the autocomplete attribute to "off" will disable autocomplete for the specific form.

Option C) Set autocomplete to some other value - This option is incorrect because the attribute value "off" is specifically used to disable autocomplete. Using any other value will not have the desired effect.

Option D) Set autocomplete to "no-store" - This option is incorrect because "no-store" is used to indicate that the browser should not store the form data in its cache, but it does not disable autocomplete.

The correct answer is B) Set autocomplete to "Off". This option is correct because setting the autocomplete attribute to "off" will effectively disable autocomplete for the specific form.

  1. No. Because it leads to insecure storage of the customer's private information

  2. Yes. Because it is a good logging practice to log all relevant information during an exception

  3. Yes. Because it will help in troubleshooting specific customer problems

  4. No. Because it's an additional overhead


Correct Option: A
  1. SQL Injection

  2. Denial of Service

  3. XML Injection

  4. All of the above


Correct Option: D
  1. Resources to become unavailable to legitimate users

  2. Cross Site Tracing

  3. Server Instability

  4. Both A and B


Correct Option: C
  1. Web Server configuration files

  2. Application configuration files

  3. Application error handlers

  4. All of the above


Correct Option: D
  1. Java sand box environment provides protection against decompilation

  2. Java is compiled into ELF binaries and cannot be decompiled

  3. Java byte code can always be decompiled; code obfuscators can make the reverse engineering process more time consuming but cannot prevent it

  4. Java is difficult to decompile because the Just-In-Time compiler automatically performs string encryption by default


Correct Option: C
  1. Equivalent to normal users

  2. Less than those of normal users as all administrators are trustworthy

  3. No authentication is required for administrators

  4. Greater than those of normal users


Correct Option: D
  1. Only be used on administrator accounts to ensure continuous access to users

  2. Only be used on user accounts to ensure that administrators are not locked out of the application

  3. Only be used when there is a secure process to unlock the account

  4. None of the above


Correct Option: C
  1. Cannot be treated as a secure practice

  2. Is a good way to hide passwords from hackers

  3. Is perfectly fine for internal applications

  4. Is perfectly fine for external user facing applications


Correct Option: A

Configuration Management Security principles apply to

  1. Commercial applications

  2. Custom built applications

  3. In house developed applications

  4. All of the above


Correct Option: D