• security Online Quiz - 21
Back
0

security Online Quiz - 21

Description: security Online Quiz - 21
Number of Questions: 20
Created by:
Tags: security
Start the Quiz
Attempted 0/20 Correct 0 Score 0

When is the best time to think about application security
technology security

  1. During testing

  2. During development

  3. During design

  4. During all phases of application development

Show answer
Correct Option: D

What is OWASP WebScarab?
technology security

  1. An insecure J2EE web application

  2. A framework for analyzing applications that communicate using the HTTP and HTTPS, most common usage is an intercepting proxy

  3. Static Source Code Analyser

  4. Penetration Testing Tool

Show answer
Correct Option: B

Which among the below is a browser based HTTP tampering tool for Firefox browser?

technology security

  1. LiveHTTPHeaders

  2. Sqlninja

  3. Bobcat

  4. WebGoat

Show answer
Correct Option: A

AI Explanation

To answer this question, you need to understand the different tools available for tampering with HTTP requests in a browser.

Option A) LiveHTTPHeaders - This option is correct. LiveHTTPHeaders is a browser-based HTTP tampering tool for the Firefox browser. It allows users to view and manipulate HTTP headers and requests in real-time.

Option B) Sqlninja - This option is incorrect. Sqlninja is not a browser-based HTTP tampering tool. It is a tool used for exploiting SQL injection vulnerabilities.

Option C) Bobcat - This option is incorrect. Bobcat is not a browser-based HTTP tampering tool. It is a tool used for load testing and analyzing the performance of web applications.

Option D) WebGoat - This option is incorrect. WebGoat is not a browser-based HTTP tampering tool. It is a deliberately insecure web application designed to teach web application security lessons.

The correct answer is A) LiveHTTPHeaders. This option is correct because LiveHTTPHeaders is a browser-based HTTP tampering tool for the Firefox browser.

What product among the below can be used as a static code analyzer?
technology security

  1. Ounce

  2. WebInspect

  3. IBM RAD

  4. None of the above

Show answer
Correct Option: A

Which product among the below can be used as a penetration testing tool?
technology security

  1. Ounce

  2. DevInspect

  3. AppScan

  4. FXCop

Show answer
Correct Option: C

What is OWASP WebGoat?
technology security

  1. Web Proxy

  2. XSS Scanner

  3. An insecure J2EE web application

  4. None of the above

Show answer
Correct Option: C

Which of the following best describes the difference between white-box testing and black-box testing?
technology security

  1. White-box testing is performed by an independent programmer team

  2. Black-box testing uses the bottom-up approach

  3. Black-box testing involves the business units

  4. White-box testing examines the program internal logical structures

Show answer
Correct Option: D

Scanning underlying source code with a database of regular expressions to quickly identify suspicious code, application inputs, outputs etc primarily relates to ..
technology security

  1. Grey-box testing

  2. Black-box testing

  3. White-box testing

  4. None of these

Show answer
Correct Option: C

What is the difference between network vulnerability assessment and a penetration test?
technology security

  1. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities

  2. They are one and the same

  3. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities

  4. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities

Show answer
Correct Option: D

The three steps to successful patch management are …

technology security

  1. Acquiring, Testing, Installing

  2. Testing, Remediation, Peer Review

  3. Determine needs, Acquire resources, Install the patch

  4. Both A & B

Show answer
Correct Option: A

The correct way to disable autocomplete in the browser for certain forms is to ….

technology security

  1. Set autocomplete to “0”

  2. Set autocomplete to “Off”

  3. Set autocomplete to some other value

  4. Set autocomplete to “no-store”

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand how to disable autocomplete in a browser for certain forms. Let's go through each option to understand why it is correct or incorrect:

Option A) Set autocomplete to "0" - This option is incorrect because the correct attribute value to disable autocomplete is "off", not "0".

Option B) Set autocomplete to "Off" - This option is correct because setting the autocomplete attribute to "off" will disable autocomplete for the specific form.

Option C) Set autocomplete to some other value - This option is incorrect because the attribute value "off" is specifically used to disable autocomplete. Using any other value will not have the desired effect.

Option D) Set autocomplete to "no-store" - This option is incorrect because "no-store" is used to indicate that the browser should not store the form data in its cache, but it does not disable autocomplete.

The correct answer is B) Set autocomplete to "Off". This option is correct because setting the autocomplete attribute to "off" will effectively disable autocomplete for the specific form.

Credit card numbers should be logged into the log file during exception
technology security

  1. No. Because leads to insecure storage of private information of the customer

  2. Yes. Because it is a good logging practice to log all relevant information during an exception

  3. Yes. Because it will help in troubleshooting specific customer problems

  4. No. Because its an additional over head

Show answer
Correct Option: A

Web Service interfaces are prone to which of the following standard web application attacks ?
technology security

  1. SQL Injection

  2. Denial of Service

  3. XML Injection

  4. All of the above

Show answer
Correct Option: D

A race condition in a web server can cause …
technology security

  1. Resources to become unavailable to legitimate users

  2. Cross Site Tracing

  3. Server Instability

  4. Both A and B

Show answer
Correct Option: C

It is a leading practice to suppress detailed errors in the following places:
technology security

  1. Web Server configuration files

  2. Application configuration files

  3. Application error handlers

  4. All of the above

Show answer
Correct Option: D

Which of the following is true regarding reverse engineering of compiled Java code
technology security

  1. Java sand box environment provides protection against decompilation

  2. Java is compiled into ELF binaries and cannot be decompiled

  3. Java byte code can always be decompiled, code obfuscators can make the reverse engineering process more time confusing but cannot prevent it

  4. Java is difficult to decompile because the Just-In-Time compiler automatically perform string encryption by default

Show answer
Correct Option: C

Requirements for administrator authentication should be
technology security

  1. Equivalent to normal users

  2. Less than those of normal users as all administrators are trustworthy

  3. No authentication is required for administrators

  4. Greater than those of normal users

Show answer
Correct Option: D

Account lockouts should
technology security

  1. Only be used on administrator accounts to ensure continuous access to users

  2. Only be used on user accounts to ensure that administrators are not locked out of the application

  3. Only be used when there is a secure process to unlock the account

  4. None of the above

Show answer
Correct Option: C

Hard Coding credentials
technology security

  1. Cannot be treated as a secure practice

  2. Is a good way to hide passwords from hackers

  3. Is perfectly fine for internal applications

  4. Is perfectly fine for external user facing applications

Show answer
Correct Option: A

Configuration Management Security principles apply to

technology security

  1. Commercial applications

  2. Custom built applications

  3. In house developed applications

  4. All of the above

Show answer
Correct Option: D
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3615 Quizzes
119858 Questions
 technology
307 Quizzes
36705 Questions
 sports
963 Quizzes
19148 Questions
 history
1187 Quizzes
13475 Questions
 physics
598 Quizzes
13441 Questions
 biology
1160 Quizzes
12174 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
490 Quizzes
9892 Questions
 maths
518 Quizzes
9324 Questions
 softskills
0 Quizzes
7131 Questions