2998294
Description
Quiz by Carlos Veliz, updated more than 1 year ago
|
Created by Carlos Veliz
almost 9 years ago
|
|
Question 1
Question
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Answer
-
Secure Configuration
-
Application Design
-
Security Policies
-
Code Logic Deviation
-
Brand Image Damage
Question 2
Question
It is not an countermeasure for Cross-Site Scrpting:
Answer
-
Configure web browser to disable scripting
-
Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
-
Use filter techniques that store and process input variables on the server
-
Appropriately use GET and POST requests
-
Use properly designed error handling mechanisms for reporting input errors
Question 3
Question
It is not an countermeasure for Cross-Site Request Forgery:
Answer
-
Web applications should use string authentications methods such as cookies, http authentication, etc.
-
Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
-
Use page tokens such as time tokens that change with every http or https page requests
-
Appropriately use GET asn POST requests
-
Configure web browser to disable scripting
Question 4
Question
It is a countermeasure for Directory Traversal
Answer
-
1). Apply checks/hot fixes to preven explotation
-
2). Define access rights to the protected areas of the website
-
3). Update server software at regular intervals
-
4) 1 and 3
-
5) 2 and 4
Question 5
Question
In HTTP Response Splitting. Attacker splits the HTTP response by:
Answer
-
Http Hearder Splitting
-
Http redirect
-
Http cookie header
-
All of the above
-
None of the above
Question 6
Question
It is not an countermeasure Parameter Manipulation
Answer
-
Use string input validating mechanisms for user data inputs
-
Implement a strict application security routines and updates
-
Use strictly confiured firewall to block and identify parameters that are defined in a web page
-
Disallow and filter CR/LF characters
-
Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Question 7
Question
Which statement does not describe an XPath injection?
Answer
-
The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
-
This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
-
XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
-
If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended
Question 8
Question
It is not an countermeasure for Injection Attacks:
Answer
-
Defined Denial of service attacks by using SAX based parsing
-
Replace all single quotes with two single quotes
-
It is always suggested to use less privileged accounts to access the database
-
Disabling authentications based data access control
Question 9
Question
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
Answer
-
LR/FF
-
CR/LF
-
CR/HT
-
LF/FS
-
LR/FS
Question 10
Question
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Answer
-
Applications Crash
-
CSRF Attack
-
Lack of Proper authentication
-
Damage Systems
-
Brand Image Damage
Want to create your own Quizzes for free with GoConqr? Learn more.