• security Online Quiz - 25
Back
0

security Online Quiz - 25

Description: security Online Quiz - 25
Number of Questions: 20
Created by:
Tags: security
Start the Quiz
Attempted 0/20 Correct 0 Score 0

Data hashing will
technology security

  1. Ensure that the data has not been tampered with

  2. Ensure that the session is valid

  3. Ensure that the user is valid

  4. All of the above

Show answer
Correct Option: A

A successful forced browsing attack indicates a vulnerability in

technology security

  1. The configuration management

  2. The session management

  3. The change management process

  4. The authorization process

Show answer
Correct Option: D

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) The configuration management - This option is incorrect because forced browsing attacks do not directly target configuration management. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths.

Option B) The session management - This option is incorrect because forced browsing attacks do not directly target session management. Forced browsing attacks focus on accessing unauthorized information, not manipulating session data.

Option C) The change management process - This option is incorrect because forced browsing attacks do not directly target the change management process. Forced browsing attacks involve accessing unauthorized directories or files, rather than exploiting weaknesses in the change management process.

Option D) The authorization process - This option is correct because a successful forced browsing attack indicates a vulnerability in the authorization process. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths. If the authorization process is not properly implemented, attackers can bypass access controls and gain unauthorized access to sensitive information.

The correct answer is D) The authorization process. This option is correct because forced browsing attacks exploit vulnerabilities in the authorization process, allowing unauthorized access to protected resources.

Which of the protocols can be used together?

technology security

  1. SOAP and SAML

  2. SOAP and HTTP

  3. SSL and SOAP

  4. All

Show answer
Correct Option: D

Administrative pages for websites should be protected by

technology security

  1. A mechanism that requires only a password

  2. Basic authentication

  3. 2/3 factor authentication

  4. A mechanism with no lock-out, to prevent accidentally denying legitimate access

Show answer
Correct Option: C

Which Scope contain data specific to a user session?
technology security

  1. Page Scope

  2. Session Scope

  3. Request Scope

  4. Application Scope

Show answer
Correct Option: B

The difference between a GET and a POST request is

technology security

  1. It does not matter, the web serve will treat all GET requests as POST requests

  2. The information in a POST request cannot be manipulated. It is possible to change a GET request

  3. A GET request is sent when requesting information; A POST request is sent when sending information

  4. The data is sent in the body of the POST request and in the URL in a GET request

Show answer
Correct Option: D

AI Explanation

To answer this question, you need to understand the difference between a GET and a POST request in the context of web communication.

Let's go through each option to understand why it is correct or incorrect:

Option A) It does not matter, the web server will treat all GET requests as POST requests - This option is incorrect. GET and POST requests are distinct and have different purposes. The web server does not treat all GET requests as POST requests.

Option B) The information in a POST request cannot be manipulated. It is possible to change a GET request - This option is incorrect. Both GET and POST requests can be manipulated. It is possible to change the information in both types of requests.

Option C) A GET request is sent when requesting information; A POST request is sent when sending information - This option is partially correct. A GET request is indeed sent when requesting information, such as retrieving data from a server. However, a POST request is not necessarily sent when sending information. It can also be used for other purposes like submitting data to a server.

Option D) The data is sent in the body of the POST request and in the URL in a GET request - This option is correct. In a GET request, the data is sent in the URL as query parameters. These query parameters are visible in the URL itself. In contrast, in a POST request, the data is sent in the body of the request, which is not visible in the URL.

Based on the explanations above, the correct answer is option D.

In order to avoid information disclosure error messages containing stack traces, specific application information should be

technology security

  1. Sent to the user in a hidden field so that tech support can retrieve the information later

  2. Destroyed if it occurs to minimize the chances that this information might be inadvertently disclosed

  3. Logged on the server side

  4. A and C

Show answer
Correct Option: C

Which form of accountability should be used
technology security

  1. Accounts for each user

  2. Account for each group of users

  3. Accounts for each business unit

  4. None of the above

Show answer
Correct Option: A

What is suggested as the leading practice for the maximum length of time before users are forced to change their passwords?

technology security

  1. 60 days

  2. 180 days

  3. 120 days

  4. 90 days

Show answer
Correct Option: D

Leaving comments in HTML source code when an application leaves the development environment

technology security

  1. Is a good programming practice

  2. Is very useful during code reviews

  3. Is the recommended practice for secure code maintenance

  4. May give the attacker valuable information to perform an exploit

Show answer
Correct Option: D

Which of the following is true?

technology security

  1. Servers are generally configured in a secure manner when they are first installed

  2. It is impossible to securely configure a web server

  3. Out of the box settings normally meet what is called minimum baseline security standards

  4. The default settings on web servers are not generally secure

Show answer
Correct Option: D

Which of the following is NOT recommended for securing Web Applications against malicious users?
technology security

  1. Filtering data with a default deny regular expression

  2. Running the application with the least privilege necessary

  3. Client side data validation

  4. Retrieving data from database using pre-compiled stored procedures

Show answer
Correct Option: C

Phishing attacks are successful when

technology security

  1. The web server is not patched

  2. The attack entices a user to perform a certain action

  3. Users do not patch their machines

  4. Users share email accounts

Show answer
Correct Option: B

How to stop forceful browsing?

technology security

  1. Check authorization on each page

  2. Name files with un-guessable names

  3. Place all accessible files in the same directory

  4. ACL's on the web root

Show answer
Correct Option: A

Extra parameters which are currently not used in the application

technology security

  1. Is necessary to check some functionalities during the testing and production support

  2. May lead to security breaches

  3. Do not consume significant bandwidth and so can be allowed in the application

  4. Is necessary in case the application needs a future addition

Show answer
Correct Option: B

How long does a request scope exist?

technology security

  1. The length of the User's Session

  2. The length of a single HTTP response

  3. The length of a single HTTP request

  4. Until the server is rebooted

Show answer
Correct Option: C

A security policy should safeguard which of the following system features?
technology security

  1. Integrity

  2. Availability

  3. Confidentiality

  4. All of the Above

Show answer
Correct Option: D

Man-in-the-middle attack means

technology security

  1. The attacker intercepts a message or data transfer between the sender and the receiver

  2. The attacker impersonates an authorized user or service in order to gain access to your system

  3. Both 1 & 2

  4. None of the above

Show answer
Correct Option: A

AI Explanation

To answer this question, we need to understand what a man-in-the-middle attack is.

A man-in-the-middle attack is a type of cyber attack where an attacker intercepts a message or data transfer between the sender and the receiver. The attacker positions themselves between the sender and the receiver, allowing them to eavesdrop on the communication and potentially modify or manipulate the data being transmitted.

Option A) The attacker intercepts a message or data transfer between the sender and the receiver - This option is correct. As explained above, a man-in-the-middle attack involves intercepting the communication between the sender and the receiver.

Option B) The attacker impersonates an authorized user or service in order to gain access to your system - This option is incorrect. While impersonation can be a part of a man-in-the-middle attack, it does not necessarily mean that the attacker gains access to the system.

Option C) Both 1 & 2 - This option is incorrect. Option 2 is not entirely accurate in describing a man-in-the-middle attack.

Option D) None of the above - This option is incorrect. Option A correctly describes a man-in-the-middle attack.

Therefore, the correct answer is A) The attacker intercepts a message or data transfer between the sender and the receiver.

Which is not a malicious software?
technology security

  1. Virus

  2. Worm

  3. Macro

  4. Rootkit

Show answer
Correct Option: C

For which of the following can be Software Capability Maturity Model (CMM) be useful?

technology security

  1. Making intuitive judgments

  2. Making realistic predictions

  3. Making conservative estimates

  4. Rational planning of software projects

Show answer
Correct Option: D
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3615 Quizzes
119858 Questions
 technology
307 Quizzes
36705 Questions
 sports
963 Quizzes
19148 Questions
 history
1187 Quizzes
13475 Questions
 physics
598 Quizzes
13441 Questions
 biology
1160 Quizzes
12174 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
490 Quizzes
9892 Questions
 maths
518 Quizzes
9324 Questions
 softskills
0 Quizzes
7131 Questions