Kopieren und bearbeiten

Java Mix Test 42p

Beschreibung

Mix Test 42p
Carlos Veliz
Quiz von Carlos Veliz, aktualisiert more than 1 year ago
Carlos Veliz
Erstellt von Carlos Veliz vor fast 9 Jahre
32
0
0

Zusammenfassung der Ressource

Frage 1

Frage
Defines interfaces and classes to help in internet communications authentication:
Antworten
  • Java.security
  • Java SASL API
  • JCE
  • JAAS
  • None of the above

Frage 2

Frage
It is not part of the Java Cryptography Architecture:
Antworten
  • RSA
  • Triple DES
  • Standard Algorithms
  • Class Loader
  • Sandbox

Frage 3

Frage
Java protects the user from hostile applications that hamper security through the concept:
Antworten
  • Security Manager
  • Sandbox
  • Intermediate fikes
  • Java Complier
  • None of the above

Frage 4

Frage
Is an open source program that uses static analysis to identify hundreds of different potential types of errores in Java programs:
Antworten
  • FxCop
  • FindErrors
  • FxBugs
  • FindBugs
  • None of the above

Frage 5

Frage
It is not a functionality of FindBugs:
Antworten
  • Eliminate security mistakes found.
  • Find security mistakes.
  • Reduce development time.
  • All of the above
  • None of the above

Frage 6

Frage
Which of the following stages of the life cycle, has the lowest relative cost to fix a software defect?
Antworten
  • In service
  • Design
  • Requirements Definition
  • Customer Testing
  • Programming

Frage 7

Frage
It is a feature of a secured software:
Antworten
  • Trustworthiness
  • Modularity
  • Reliability
  • Availability
  • All of the above

Frage 8

Frage
Following questions help analyze and improve the security of a software
Antworten
  • 1) What area the various types od defects that cause security vulnerabilities?
  • 2) Which tools can be used for measuring the defects?
  • 3)How many lines to have the source code?
  • 4) 1 and 2
  • 5) 2 and 3

Frage 9

Frage
"This method helps to split the complex and large problems into smaller ones resulting in quick and effcicent problem solving rather than dealing with the whole". This concept belongs to:
Antworten
  • Abstraction
  • Decomposition
  • Design
  • Complexity
  • None of the above options

Frage 10

Frage
Threat modeling. Which of the following is not a security technique?
Antworten
  • Threat Mitigation
  • Threat trees
  • Privilege boundaries
  • Entry point identification
  • None of the above options

Frage 11

Frage
Threat modeling. Which of the following is not a correct approach?
Antworten
  • Hybrid Centric
  • Software/Design Centric
  • Attack Centric
  • Threat Centric
  • Asset Centric

Frage 12

Frage
What method is used to identify the following threats? spoofing, tampering, DoS, information disclosure and elevation of privileges
Antworten
  • Attack Tree Structures
  • Stride
  • Information Gathering
  • ASF
  • None of the above options

Frage 13

Frage
Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle:
Antworten
  • ADSL Threat modeling
  • SDL Threat modeling
  • Analyze Model
  • Analyze and generate model
  • None of the above options

Frage 14

Frage
How will you implement secure file handling to prevent malicious file inclusion and DoS attacks?
Antworten
  • Findbugs
  • SecureFilehandling
  • FxCop
  • SecureFile
  • None of the above options

Frage 15

Frage
The SecureFilehandling application only accepts the following file extensions:
Antworten
  • .xlsx
  • .class
  • .obj
  • .exe
  • Accepts all file extensions

Frage 16

Frage
What are the types of streams in Java?
Antworten
  • Character and Byte Stream
  • Byte and Compact Stream
  • Character and Encode Stream
  • All of the above
  • None of the above options

Frage 17

Frage
It is not a proper access privileges:
Antworten
  • The owner grants permission to the users to access the content available in the systems
  • All the files are created with access permissions so that unauthorized access can be denied
  • Multi user systems are generally owned by a particular user for instance system admin etc.
  • There ara various classes in java that handle characters streams and byte streams separately
  • None of the above options

Frage 18

Frage
Which of the following instructions ensures proper File Cleanup when a program terminates?
Antworten
  • Runtime.getRuntime().exit(1);
  • exit();
  • terminate();
  • out.exit();
  • out.close();

Frage 19

Frage
"It prevents untrusted code from modifying the class internal layout". In Security Manager Checks, this concept corresponds to:
Antworten
  • Prevents extracting any data
  • Check Constructor
  • Prevents modification
  • Prevents handling
  • None of the above options

Frage 20

Frage
The project InputValidation not control one of the following statements?
Antworten
  • User login
  • User Password
  • Size password
  • User size
  • None of the above options

Frage 21

Frage
On which side it is recommended to apply input validation?
Antworten
  • client-side
  • server-side
  • both
  • None of the above

Frage 22

Frage
Which of the following types of input parameters is the most used in SQL vulnerabilities?
Antworten
  • Structured text
  • number
  • boolean
  • freetext
  • list of structured text

Frage 23

Frage
Which of the following types of input parameters is the least used in XSS vulnerabilities?
Antworten
  • List of free text
  • structured text
  • number
  • boolean
  • enumeration

Frage 24

Frage
What is the exact description of the regular expression "(a-z A-Z)(a-z A-Z 0-9_$)"?
Antworten
  • A valid java identifier consisting of alphanumeric characters, undercores and dolar signs with the first characer being an alphabet
  • A valid java identifier consisting of alphanumeric charecters and dollar signs with the first cgaracter bieng an alphabet
  • Any two-digit alphanumeric from 0-99 and a-z
  • Matches az, AZ and 9$

Frage 25

Frage
Which of the following is not a recommendation of struts validation and securitiy?
Antworten
  • The absence of validation for a single field may allow attackers to exploit the application
  • Struts validation is done to prevent attacks caused through inchecked input
  • Each and every field included in the form should be validates in the correspondig validation form
  • Input validation through Servet filters in Java web applications is effecvtive due to minor modifications needed for input validation and servlet filets are centralized in nature
  • None of the above

Frage 26

Frage
Indicate that statement does not belong to the class RuntimeException:
Antworten
  • ArrayStoreException
  • NegativeArraySizeException
  • FileNotFoundException
  • NullPointerException
  • SecurityException

Frage 27

Frage
Which of the following is an exceptional behavior erroneous?
Antworten
  • Never catch NullPointerException
  • Disclosing sensitive information
  • Never throw undeclared checked exceptions
  • Logging sensitive data
  • All of the above

Frage 28

Frage
Examples of Java Logging Frameworks:
Antworten
  • Apache Commons Logging
  • Log4J
  • Java Logging API
  • SLF4J
  • All of the above

Frage 29

Frage
Which of the following is not a Secured Practices in Logging?
Antworten
  • Log Debug messages inside isDebugEnabled()
  • Make use of good java logging frameworks like java.util.logging or log4j
  • Log messages consitently and the messages must be informative
  • Ensure to include the formar of the java loggind in the specified java logger
  • Ensure to remove temporary files before termination to avoid information leakage and resource exhaustion

Frage 30

Frage
HTTP Basic Authentication:
Antworten
  • Request a protected resource - Request username password - Sends username password - returns requested resource
  • Request username password - Sends username password - returns requested resource
  • Request username password - Request a protected resource - Sends username password - returns requested resource
  • Sends username password - Request username password - Request a protected resource - returns requested resource
  • None of the above options

Frage 31

Frage
Which of the following is not a measure of prevention for attacks weak password?
Antworten
  • Impose a password againg policy
  • Impose web application accepts only user id credentials that contain all valid characters including special characters like !, @, #, $, etc.
  • Incorrect authentication failure messages should be avoided
  • Implement account lockout policy
  • None of the above

Frage 32

Frage
Which of the following statements does not describe RBAC?
Antworten
  • It functions on the concept of user roles and information accessibility
  • This is the popular access control model
  • A user has access to resources based on the role assigned; roles are allocated depending on job function
  • The access control policies are imposed on policy, specific to the user
  • An organization has different departments, and roles are assigned based on requirements

Frage 33

Frage
Which of the following is not a feature of JAAS?
Antworten
  • Is implemented usign pure JAVA
  • Supports single sig-on for login authentication in J2EE appplications
  • Provides centralized rol based control that includes hierarchical roles
  • Is implemented usign JAVA and JavaScript
  • Authentication of users is done through PAM Framework

Frage 34

Frage
JAAS Configuration. The configurations file format consists of the following entries:
Antworten
  • LoginEntry
  • ModuleClass
  • Flag
  • Option="value"
  • All options are correct

Frage 35

Frage
In the architecture of a Java EE application. Which of the following is not a component of the Web level?
Antworten
  • Web Services Client
  • Servlet
  • App Flow Processor
  • View Manager
  • None of the above

Frage 36

Frage
Concurrency in Java. Which of the following is not a state of a thread?
Antworten
  • Suspended
  • Resumed
  • Blocked
  • Dead
  • Reset

Frage 37

Frage
In ]ava, the following methods are vulnerable to race condition:
Antworten
  • 1) start()
  • 2) stop()
  • 3) init()
  • 4) 1 and 3
  • 5) 1, 2 and 3

Frage 38

Frage
It is a countermeasure to session hijacking:
Antworten
  • See the session is not expired after users log out
  • Regularly clear the history and offline content
  • Prefer http than https in case of sensitive and confidential transactions
  • Make sure that cookies and sessions are stored from the browser
  • None of the above

Frage 39

Frage
Which of the following statements does not include the Java Criptography Arquitecture engine?
Antworten
  • Key Store
  • Key pair Generator
  • Key Tools
  • CertStore
  • Key Factories

Frage 40

Frage
javax.net and javax.net.ssl packages are the standard JSSE APIs that includes important classes such as:
Antworten
  • 1) SSLSocket
  • 2) SocketFactory
  • 3) ServerSocketFactory
  • 4) All of the above
  • 5) None of the above

Frage 41

Frage
It is not a tool Java Cryptography:
Antworten
  • JCryption
  • Optimus Java
  • PrimeInk JAva
  • jdnssec
  • Cryptix

Frage 42

Frage
Which of the following is not a countermeasure CRSF?
Antworten
  • Appropriately use GET and Post requests
  • Implement OWASP CRFGuard Library
  • Web applications should use weak authentications methods such as cookies, http authentication, etc
  • Check the referrer such as HTTP "referer"
  • None of the above
Zusammenfassung anzeigen Zusammenfassung ausblenden

Möchten Sie mit GoConqr kostenlos Ihre eigenen Quiz erstellen? eigenen Mehr erfahren.

ähnlicher Inhalt

DIVISORES...
Ulises Yo
PASO 39. MUNCIPIO VARIOS
Paco Tur Fornés
Java Concurrency and Session Management
Carlos Veliz
Introduction to Java Security
Carlos Veliz
1ER PARCIAL 6º DERECHO NOCTURNO
Marianela Deleón Romay
Authentication and Authorization
Carlos Veliz
ECSP JAVA: JAAS
Carlos Veliz
Criptography
Carlos Veliz
Java - Mix
Carlos Veliz
varios
alejandra msrtin
Java Application Vulnerabilities
Carlos Veliz
Bibliothek durchsuchen