security Online Quiz - 66

Description: security Online Quiz - 66
Number of Questions: 32
Tags: security
  1. Include the authentication element.

  2. Include the authorization element.

  3. Include the identity element.

  4. Include the deny element.


Correct Option: B

HTTP Vs HTTPS

  1. uses different ports

  2. HTTPS is insecure while HTTP is secure

  3. HTTPS is designed to withstand such attacks and is secure.

  4. Both 1 and 3

  5. Both 2 and 3


Correct Option: D

As a preventive measure what needs to be done while accessing the Database?

  1. Use of dynamic Query with System Privilege Account

  2. Use of Prepared Statements

  3. Use Least Privilege Account

  4. Both 1 and 3

  5. Both 2 and 3


Correct Option: E

How many types of privilege escalation can happen in web applications?

  1. One

  2. Two

  3. Three

  4. Four


Correct Option: B

What is the best preventive measure against different vulnerabilities?

  1. Firewall

  2. Input Validation

  3. Updated Antivirus

  4. Extension check for file


Correct Option: B

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Firewall - Firewalls help protect against unauthorized access to your network by monitoring and controlling incoming and outgoing network traffic. While firewalls can help prevent certain types of vulnerabilities, they are not the most effective preventive measure against all vulnerabilities. Therefore, this option is incorrect.

Option B) Input Validation - Input validation is the process of checking and validating user input to ensure that it meets specified criteria. By implementing input validation, you can prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and command injection. This option is correct because input validation is an effective preventive measure against various vulnerabilities.

Option C) Updated Antivirus - While having an updated antivirus program is essential for protecting against malware and viruses, it is not the most effective preventive measure against all vulnerabilities. Antivirus software primarily focuses on detecting and removing malicious software, but it may not prevent vulnerabilities caused by insecure coding practices or configuration errors. Therefore, this option is incorrect.

Option D) Extension check for file - Checking the extension of a file can help prevent certain types of vulnerabilities, such as file upload vulnerabilities. By validating the file extension, you can ensure that only allowed file types are uploaded, reducing the risk of executing malicious code. However, this measure alone is not sufficient to prevent all vulnerabilities. Therefore, this option is incorrect.

The correct answer is Option B) Input Validation. This option is correct because input validation is a fundamental preventive measure that helps protect against various vulnerabilities.

Which of the following vulnerabilities cannot be handled by input validation?

  1. Cross site Scripting

  2. Injection flaws

  3. Privilege Escalation

  4. None of the above


Correct Option: C

Which validation can be bypassed easily?

  1. Server side Validation

  2. Client side Validation

  3. None of the above

  4. Both 1 and 2


Correct Option: B

Allowing user input to control paths used in file system operations may result in:

  1. Privilege Escalations

  2. Path traversal Attack

  3. Cross Site Scripting

  4. Buffer overflow


Correct Option: B

What is a log file?

  1. an ASCII file that contains an entry for each user

  2. File which is created and maintained by a server of activity performed by it

  3. short python program that prints the list of all files inside the current directory

  4. File which is created and maintained by the operating system


Correct Option: B

A cookie is:

  1. stored on Server

  2. executable text

  3. used for authentication

  4. all of the above


Correct Option: C

An 802.11 network detector, packet sniffer, and intrusion detection system that works passively:

  1. Kismet

  2. Nmap

  3. Crackspider

  4. John the Ripper


Correct Option: A

The first virus that used a polymorphic engine to mutate itself to avoid detection by antivirus software while keeping the base algorithm the same is

  1. Virut

  2. Morph

  3. 1260

  4. Timid Virus


Correct Option: C

A type of computer threat that exploits a vulnerability in an application that is not yet known to the vendor or others and for which a patch is yet to be released

  1. Rootkit

  2. Denial of Service

  3. Zero Day

  4. Worm


Correct Option: C

The last Service Pack for Windows XP was

  1. SP3

  2. SP2

  3. SP4

  4. SP1


Correct Option: A

A technique wherein a hacker makes a fake website look like the original one to obtain sensitive information from a victim

  1. Keylogging

  2. Backdoor

  3. Phishing

  4. Masquerading


Correct Option: C
Explanation:

To solve this question, the user needs to be familiar with different hacking techniques. The user must identify the technique used by the hacker to obtain sensitive information from a victim.

The correct answer is:

C. Phishing

Explanation:

Phishing is a technique used by hackers to create a fake website or email that looks like an original one to trick victims into providing sensitive information, such as passwords, credit card numbers, or social security numbers. The fake website or email will usually contain a link that appears to lead to the original website, but when the victim clicks on the link, they will be directed to the fake website where the hacker can obtain their sensitive information.

Option A, Keylogging, is a technique used to record the keystrokes of a victim to obtain their login credentials.

Option B, Backdoor, is a technique used to create a hidden entry point to a computer system to gain access to it later.

Option D, Masquerading, is a general term that refers to any technique used to disguise oneself or one's activities.

Therefore, the correct answer is C. Phishing.

A variant of computer malware whose name was influenced by Greek Mythology

  1. Chimera

  2. Trojan

  3. Hercules

  4. Hydra


Correct Option: B

Pick the odd one out:

  1. AES

  2. DES

  3. RSA

  4. MARS


Correct Option: B

AI Explanation

To answer this question, you need to understand the different encryption algorithms.

Option A) AES - AES stands for Advanced Encryption Standard. It is a symmetric encryption algorithm widely used for securing sensitive data. AES is a strong encryption algorithm and is considered to be secure.

Option B) DES - DES stands for Data Encryption Standard. It is a symmetric encryption algorithm that was widely used in the past. However, DES is no longer considered secure due to its small key size.

Option C) RSA - RSA is an asymmetric encryption algorithm named after its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman. RSA is widely used for secure communication and digital signatures. It is based on the mathematical properties of large prime numbers.

Option D) MARS - MARS stands for Multiple-precision Advanced RISC Machine. However, MARS is not an encryption algorithm. It is a type of microprocessor architecture used in computer systems.

The correct answer is B) DES. DES is the odd one out because it is an outdated encryption algorithm that is no longer considered secure. AES, RSA, and MARS are all valid encryption-related terms or algorithms.

Which of the following uses a symmetric matrix to encrypt data?

  1. Blowfish

  2. Twofish

  3. Rijndael

  4. Caesar


Correct Option: B,C

How many versions does the DES algorithm have?

  1. 5

  2. 2

  3. 9

  4. 13


Correct Option: B

What is the vulnerability of AES encryption?

  1. Brute force Attack

  2. Variable Key Attack

  3. Round Key Analysis

  4. Plain Text Attack


Correct Option: D

How many standard versions of the AES algorithm are available?

  1. 1

  2. 2

  3. 3

  4. 4


Correct Option: C

How do you fix the unbounded string copy in the following code?

    char fname[20];                /* 1 */
    cout << "Enter First Name:";   /* 2 */
    cin >> fname;                  /* 3 */

  1. Replace cin call in line 3 with gets() function

  2. The length of input from cin cannot be limited. Use a larger array for fname

  3. Use cin.width(20) before line 3

  4. Use cin.size(19) before line 3


Correct Option: C

Are there any memory issues in the following code? Please assume that variable inputsize has the correct size.

    int add_num_array(int inputsize, int num) {
        int *newnum = malloc (inputsize * sizeof(int)); /* 1 */
        int i;
        for (i=0; i

  1. No vulnerabilities are present

  2. Line 1 should only use malloc(inputsize)

  3. Line 2 should be for (i=0; i<=n, i++)

  4. Line 1 should use calloc() instead of malloc()


Correct Option: D

What is the vulnerability in this code?

    char output[20];
    /* Assume data is a character array with value %200d asdf */
    sprintf(output, data);

  1. Buffer overflow

  2. Off by one error

  3. Format string vulnerability

  4. No vulnerabilities are present in this code


Correct Option: C

What is the vulnerability in this code?

    int main(int argc, char * argv[]) {
        printf (argv[1]);
    }

  1. Buffer overflow

  2. Off by one error

  3. Format string vulnerability

  4. No vulnerabilities are present in this code


Correct Option: C

What is the possible vulnerability in this code?

    unsigned int total, userinput1, userinput2;
    userinput1 = receiveInput();
    userinput2 = receiveInput();
    total = userinput1 + userinput2;

  1. Integer overflow

  2. Buffer overflow

  3. Stack overflow

  4. Data type mismatch


Correct Option: A