Java Mix Test 42p

Quiz by Carlos Veliz, created over 4 years ago

    Question 1 of 42

    Defines interfaces and classes to help in internet communications authentication:

    Select one of the following:

    • Java.security

    • Java SASL API

    • JCE

    • JAAS

    • None of the above

    Question 2 of 42

    It is not part of the Java Cryptography Architecture:

    Select one of the following:

    • RSA

    • Triple DES

    • Standard Algorithms

    • Class Loader

    • Sandbox

    Question 3 of 42

    Java protects the user from hostile applications that hamper security through the concept:

    Select one of the following:

    • Security Manager

    • Sandbox

    • Intermediate files

    • Java Compiler

    • None of the above

    Question 4 of 42

    An open source program that uses static analysis to identify hundreds of different potential types of errors in Java programs:

    Select one of the following:

    • FxCop

    • FindErrors

    • FxBugs

    • FindBugs

    • None of the above

    Question 5 of 42

    It is not a functionality of FindBugs:

    Select one of the following:

    • Eliminate security mistakes found.

    • Find security mistakes.

    • Reduce development time.

    • All of the above

    • None of the above

    Question 6 of 42

    Which of the following stages of the life cycle, has the lowest relative cost to fix a software defect?

    Select one of the following:

    • In service

    • Design

    • Requirements Definition

    • Customer Testing

    • Programming

    Question 7 of 42

    It is a feature of secure software:

    Select one of the following:

    • Trustworthiness

    • Modularity

    • Reliability

    • Availability

    • All of the above

    Question 8 of 42

    The following questions help analyze and improve the security of software:

    Select one of the following:

    • 1) What are the various types of defects that cause security vulnerabilities?

    • 2) Which tools can be used for measuring the defects?

    • 3) How many lines does the source code have?

    • 4) 1 and 2

    • 5) 2 and 3

    Question 9 of 42

    "This method helps to split complex and large problems into smaller ones, resulting in quick and efficient problem solving rather than dealing with the whole". This concept belongs to:

    Select one of the following:

    • Abstraction

    • Decomposition

    • Design

    • Complexity

    • None of the above options

    Question 10 of 42

    Threat modeling. Which of the following is not a security technique?

    Select one of the following:

    • Threat Mitigation

    • Threat trees

    • Privilege boundaries

    • Entry point identification

    • None of the above options

    Question 11 of 42

    Threat modeling. Which of the following is not a correct approach?

    Select one of the following:

    • Hybrid Centric

    • Software/Design Centric

    • Attack Centric

    • Threat Centric

    • Asset Centric

    Question 12 of 42

    What method is used to identify the following threats?
    Spoofing, tampering, DoS, information disclosure and elevation of privilege

    Select one of the following:

    • Attack Tree Structures

    • STRIDE

    • Information Gathering

    • ASF

    • None of the above options

    Question 13 of 42

    A tool that helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle:

    Select one of the following:

    • ADSL Threat modeling

    • SDL Threat modeling

    • Analyze Model

    • Analyze and generate model

    • None of the above options

    Question 14 of 42

    How will you implement secure file handling to prevent malicious file inclusion and DoS attacks?

    Select one of the following:

    • Findbugs

    • SecureFilehandling

    • FxCop

    • SecureFile

    • None of the above options

    Question 15 of 42

    The SecureFilehandling application only accepts the following file extensions:

    Select one of the following:

    • .xlsx

    • .class

    • .obj

    • .exe

    • Accepts all file extensions

    Question 16 of 42

    What are the types of streams in Java?

    Select one of the following:

    • Character and Byte Stream

    • Byte and Compact Stream

    • Character and Encode Stream

    • All of the above

    • None of the above options

    Question 17 of 42

    Which of the following is not a statement about proper access privileges?

    Select one of the following:

    • The owner grants permission to the users to access the content available in the systems

    • All the files are created with access permissions so that unauthorized access can be denied

    • Multi-user systems are generally owned by a particular user, for instance the system admin, etc.

    • There are various classes in Java that handle character streams and byte streams separately

    • None of the above options

    Question 18 of 42

    Which of the following instructions ensures proper File Cleanup when a program terminates?

    Select one of the following:

    • Runtime.getRuntime().exit(1);

    • exit();

    • terminate();

    • out.exit();

    • out.close();
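
Added example, not part of the quiz: the difference between closing a stream explicitly and relying on process exit. Runtime.getRuntime().exit() does not unwind the stack, so finally blocks and pending close() calls never run; try-with-resources closes the handle on every path, and a shutdown hook covers temporary files that must not survive an early exit. File names and contents are constructed for the example.

```java
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not from the quiz): deterministic file cleanup.
public class FileCleanupDemo {

    // try-with-resources calls out.close() on every exit path (normal return,
    // exception, or early return), so the handle is never leaked.
    static void writeReport(Path target, String body) throws IOException {
        try (Writer out = Files.newBufferedWriter(target, StandardCharsets.UTF_8)) {
            out.write(body);
        } // out.close() runs here automatically
    }

    public static void main(String[] args) throws IOException {
        // createTempFile uses owner-only permissions on POSIX systems.
        Path tmp = Files.createTempFile("report-", ".txt");

        // Runtime.exit() does NOT run finally blocks on the current stack, so
        // cleanup that must survive an early exit goes in a shutdown hook.
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            try {
                Files.deleteIfExists(tmp);
            } catch (IOException e) {
                System.err.println("cleanup failed: " + e.getMessage());
            }
        }));

        writeReport(tmp, "sensitive intermediate data\n"); // constructed content
        System.out.println("wrote " + Files.size(tmp) + " bytes to " + tmp);

        // Simulate a hard exit; the shutdown hook still removes the temp file.
        Runtime.getRuntime().exit(1);
    }
}
```

After the program exits, the temporary file is gone even though exit(1) skipped the rest of main; without the hook it would remain on disk with its contents.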

    Question 19 of 42

    "It prevents untrusted code from modifying the class internal layout". In Security Manager Checks, this concept corresponds to:

    Select one of the following:

    • Prevents extracting any data

    • Check Constructor

    • Prevents modification

    • Prevents handling

    • None of the above options

    Question 20 of 42

    Which of the following does the InputValidation project not control?

    Select one of the following:

    • User login

    • User Password

    • Size password

    • User size

    • None of the above options

    Question 21 of 42

    On which side is it recommended to apply input validation?

    Select one of the following:

    • client-side

    • server-side

    • both

    • None of the above

    Question 22 of 42

    Which of the following types of input parameters is the most used in SQL vulnerabilities?

    Select one of the following:

    • Structured text

    • number

    • boolean

    • freetext

    • list of structured text
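
Added example, not part of the quiz: why text parameters are the usual SQL injection point. The first method concatenates the user string into the query, so the attacker's characters become SQL grammar; the second binds it as data with a PreparedStatement. The table name, column names and the attacker input are constructed, and lookupRole assumes a JDBC Connection supplied by the application's DataSource (it compiles against java.sql but needs a database to execute).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (not from the quiz): string-built SQL versus a bound parameter.
public class SqlInjectionDemo {

    // Vulnerable: the user-controlled string becomes part of the SQL grammar.
    static String buildVulnerableQuery(String username) {
        return "SELECT id, role FROM users WHERE name = '" + username + "'";
    }

    // Safe: the value is bound as data; the database never parses it as SQL.
    // 'conn' is assumed to come from the application's DataSource.
    static String lookupRole(Connection conn, String username) throws SQLException {
        String sql = "SELECT role FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("role") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the string literal, adds an always-true
        // condition, and comments out the trailing quote.
        String attacker = "admin' OR '1'='1' --";
        System.out.println(buildVulnerableQuery("alice"));
        System.out.println(buildVulnerableQuery(attacker));
        // Second line reads: ... WHERE name = 'admin' OR '1'='1' --'
        // which is valid SQL and matches every row. A numeric or boolean
        // parameter that is parsed and type-checked before use offers no
        // such foothold, which is why text parameters dominate SQLi findings.
    }
}
```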

    Question 23 of 42

    Which of the following types of input parameters is the least used in XSS vulnerabilities?

    Select one of the following:

    • List of free text

    • structured text

    • number

    • boolean

    • enumeration

    Question 24 of 42

    What is the exact description of the regular expression "(a-z A-Z)(a-z A-Z 0-9_$)"?

    Select one of the following:

    • A valid Java identifier consisting of alphanumeric characters, underscores and dollar signs, with the first character being a letter

    • A valid Java identifier consisting of alphanumeric characters and dollar signs, with the first character being a letter

    • Any two-digit alphanumeric from 0-99 and a-z

    • Matches az, AZ and 9$
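
Added example, not part of the quiz: the identifier rule the question describes, written as proper character classes and used as an allowlist validator. The quiz's notation is read here as the pattern `[a-zA-Z][a-zA-Z0-9_$]*` (an assumption about the intended regex); the sample inputs are constructed.

```java
import java.util.regex.Pattern;

// Added example (not from the quiz): allowlist validation of a Java identifier.
public class IdentifierValidator {

    // First character: a letter; remaining characters: letters, digits, '_' or '$'.
    // Matcher.matches() anchors at both ends, so the whole input must conform.
    private static final Pattern JAVA_IDENTIFIER =
            Pattern.compile("[a-zA-Z][a-zA-Z0-9_$]*");

    static boolean isValidIdentifier(String s) {
        return s != null && JAVA_IDENTIFIER.matcher(s).matches();
    }

    public static void main(String[] args) {
        // Constructed samples: two valid identifiers and five rejected strings.
        String[] samples = {
            "userName", "x$1", "_leading", "9abc", "drop table", "ok;", "résumé"
        };
        for (String s : samples) {
            System.out.printf("%-12s -> %s%n", s, isValidIdentifier(s));
        }
        // userName and x$1 are accepted; the rest are rejected. The Java Language
        // Specification also permits a leading '_' or '$' and non-ASCII letters;
        // this stricter allowlist is what the quiz's description specifies.
    }
}
```

Validating with matches() rather than find() is the security-relevant detail: find() would accept "drop table" because a substring matches.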

    Question 25 of 42

    Which of the following is not a recommendation of Struts validation and security?

    Select one of the following:

    • The absence of validation for a single field may allow attackers to exploit the application

    • Struts validation is done to prevent attacks caused through unchecked input

    • Each and every field included in the form should be validated in the corresponding validation form

    • Input validation through Servlet filters in Java web applications is effective due to the minor modifications needed for input validation, and servlet filters are centralized in nature

    • None of the above

    Question 26 of 42

    Indicate which of the following does not belong to the class RuntimeException:

    Select one of the following:

    • ArrayStoreException

    • NegativeArraySizeException

    • FileNotFoundException

    • NullPointerException

    • SecurityException

    Question 27 of 42

    Which of the following is an erroneous exceptional behavior?

    Select one of the following:

    • Never catch NullPointerException

    • Disclosing sensitive information

    • Never throw undeclared checked exceptions

    • Logging sensitive data

    • All of the above

    Question 28 of 42

    Examples of Java Logging Frameworks:

    Select one of the following:

    • Apache Commons Logging

    • Log4J

    • Java Logging API

    • SLF4J

    • All of the above

    Question 29 of 42

    Which of the following is not a secure practice in logging?

    Select one of the following:

    • Log debug messages inside isDebugEnabled()

    • Make use of good Java logging frameworks like java.util.logging or log4j

    • Log messages consistently and the messages must be informative

    • Ensure to include the format of the Java logging in the specified Java logger

    • Ensure to remove temporary files before termination to avoid information leakage and resource exhaustion

    Question 30 of 42

    HTTP Basic Authentication:

    Select one of the following:

    • Request a protected resource - Request username password - Sends username password - returns requested resource

    • Request username password - Sends username password - returns requested resource

    • Request username password - Request a protected resource - Sends username password - returns requested resource

    • Sends username password - Request username password - Request a protected resource - returns requested resource

    • None of the above options
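
Added example, not part of the quiz: the four-step HTTP Basic exchange (request the resource, receive the 401 challenge, resend with credentials, receive the resource) with a minimal server-side check. No network is used; the requests, the realm name and the single-user credential store are constructed. A real store would hold salted password hashes, not plain passwords.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;

// Added example (not from the quiz): HTTP Basic authentication, both sides.
public class BasicAuthDemo {

    // Constructed credential store: username -> password.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");
    static final String REALM = "demo";

    // Server side: returns 401 with a challenge unless the header authenticates.
    static String handle(String authorizationHeader) {
        Optional<String[]> creds = parseBasic(authorizationHeader);
        if (creds.isPresent() && checkPassword(creds.get()[0], creds.get()[1])) {
            return "200 OK";                              // step 4: resource returned
        }
        // Step 2: server asks for username/password.
        return "401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"" + REALM + "\"";
    }

    // Client side, step 3: "Basic " + base64(user:pass). Base64 is encoding,
    // not encryption, so Basic is only acceptable over TLS.
    static String basicHeader(String user, String pass) {
        String token = Base64.getEncoder()
                .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        return "Basic " + token;
    }

    static Optional<String[]> parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();
        }
        try {
            String decoded = new String(
                    Base64.getDecoder().decode(header.substring(6).trim()),
                    StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');   // split on the first ':' only; passwords may contain ':'
            if (colon < 0) return Optional.empty();
            return Optional.of(new String[] {
                    decoded.substring(0, colon), decoded.substring(colon + 1) });
        } catch (IllegalArgumentException badBase64) {
            return Optional.empty();
        }
    }

    // Constant-time comparison so response time does not reveal how many
    // leading bytes of the password matched.
    static boolean checkPassword(String user, String pass) {
        String expected = USERS.get(user);
        if (expected == null) return false;
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                pass.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Step 1: request a protected resource with no credentials -> challenge.
        System.out.println("GET /secret -> " + handle(null));
        // Steps 3 and 4: resend with credentials -> resource.
        System.out.println("GET /secret -> " + handle(basicHeader("alice", "s3cret")));
        // Wrong password -> challenge again, same message as the unknown-user case.
        System.out.println("GET /secret -> " + handle(basicHeader("alice", "wrong")));
    }
}
```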

    Question 31 of 42

    Which of the following is not a preventive measure against weak-password attacks?

    Select one of the following:

    • Impose a password aging policy

    • Ensure the web application accepts only user ID credentials that contain all valid characters, including special characters like !, @, #, $, etc.

    • Incorrect authentication failure messages should be avoided

    • Implement account lockout policy

    • None of the above

    Question 32 of 42

    Which of the following statements does not describe RBAC?

    Select one of the following:

    • It functions on the concept of user roles and information accessibility

    • This is the popular access control model

    • A user has access to resources based on the role assigned; roles are allocated depending on job function

    • The access control policies are imposed on policy, specific to the user

    • An organization has different departments, and roles are assigned based on requirements

    Question 33 of 42

    Which of the following is not a feature of JAAS?

    Select one of the following:

    • Is implemented using pure Java

    • Supports single sign-on for login authentication in J2EE applications

    • Provides centralized role-based control that includes hierarchical roles

    • Is implemented using Java and JavaScript

    • Authentication of users is done through PAM Framework

    Question 34 of 42

    JAAS Configuration. The configurations file format consists of the following entries:

    Select one of the following:

    • LoginEntry

    • ModuleClass

    • Flag

    • Option="value"

    • All options are correct
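
Added example, not part of the quiz: a JAAS login configuration file containing all four kinds of entry (the application/login entry name, a LoginModule class, its control flag, and option="value" pairs), written to a temporary file and parsed back by the JDK's default Configuration provider. The application name, the com.example module class and the option values are constructed; the parser does not load the module classes, so the file parses even though com.example.auth.DbLoginModule does not exist.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added example (not from the quiz): JAAS configuration file format.
public class JaasConfigDemo {

    // Constructed configuration:
    //   LoginEntry { ModuleClass Flag Option="value" ...; ... };
    static final String CONFIG =
            "DemoApp {\n" +                                               // login entry name
            "    com.example.auth.DbLoginModule required\n" +              // module class + flag
            "        dbUrl=\"jdbc:postgresql://db/example\"\n" +            // option="value"
            "        debug=\"false\";\n" +
            "    com.sun.security.auth.module.KeyStoreLoginModule optional\n" +
            "        keyStoreURL=\"file:/etc/app/client.p12\";\n" +
            "};\n";

    public static void main(String[] args) throws Exception {
        Path cfg = Files.createTempFile("jaas-", ".conf");
        Files.writeString(cfg, CONFIG, StandardCharsets.UTF_8);

        // Same effect as -Djava.security.auth.login.config=<file> on the command line.
        System.setProperty("java.security.auth.login.config", cfg.toString());
        Configuration.getConfiguration().refresh();

        // A LoginContext("DemoApp", handler) would walk these entries in order;
        // here they are only printed to show what the parser produced.
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry("DemoApp");
        for (AppConfigurationEntry e : entries) {
            System.out.println(e.getLoginModuleName() + " | " + e.getControlFlag()
                    + " | " + e.getOptions());
        }
        Files.delete(cfg);
    }
}
```

The control flag matters for security: with "required", a failing DbLoginModule makes the whole login fail even though the "optional" keystore module is still consulted; flipping it to "sufficient" would let the keystore module alone authenticate the user.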

    Question 35 of 42

    In the architecture of a Java EE application. Which of the following is not a component of the Web level?

    Select one of the following:

    • Web Services Client

    • Servlet

    • App Flow Processor

    • View Manager

    • None of the above

    Question 36 of 42

    Concurrency in Java. Which of the following is not a state of a thread?

    Select one of the following:

    • Suspended

    • Resumed

    • Blocked

    • Dead

    • Reset

    Question 37 of 42

    In Java, the following methods are vulnerable to race conditions:

    Select one of the following:

    • 1) start()

    • 2) stop()

    • 3) init()

    • 4) 1 and 3

    • 5) 1, 2 and 3

    Question 38 of 42

    It is a countermeasure to session hijacking:

    Select one of the following:

    • See that the session is not expired after users log out

    • Regularly clear the history and offline content

    • Prefer HTTP over HTTPS in case of sensitive and confidential transactions

    • Make sure that cookies and sessions are stored in the browser

    • None of the above

    Question 39 of 42

    Which of the following is not a Java Cryptography Architecture engine?

    Select one of the following:

    • Key Store

    • Key pair Generator

    • Key Tools

    • CertStore

    • Key Factories
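
Added example, not part of the quiz: the JCA engine classes named in the question working together. KeyPairGenerator creates a key pair, Signature signs a message, KeyFactory rebuilds the public key from its encoded bytes (as a verifier that only receives the bytes would), and KeyStore holds a secret key under a password. keytool, by contrast, is the command-line utility that manages KeyStore files and is not an engine class. The message text and the keystore password are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example (not from the quiz): JCA engine classes in one flow.
public class JcaEnginesDemo {

    public static void main(String[] args) throws Exception {
        // Engine: KeyPairGenerator -> fresh EC P-256 key pair.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair pair = kpg.generateKeyPair();

        // Engine: Signature -> sign a (constructed) release artifact name.
        byte[] msg = "release-1.2.3.tar.gz".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        // Engine: KeyFactory -> rebuild the public key from its X.509
        // SubjectPublicKeyInfo encoding, as a remote verifier would.
        byte[] encoded = pair.getPublic().getEncoded();
        PublicKey pub = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(encoded));

        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("signature valid:  " + verifier.verify(sig));   // true

        // Tampered message: verification must fail.
        verifier.initVerify(pub);
        verifier.update("release-1.2.3-evil.tar.gz".getBytes(StandardCharsets.UTF_8));
        System.out.println("tampered valid:   " + verifier.verify(sig));   // false

        // Engine: KeyStore -> password-protected container, here in memory.
        // Private keys need a certificate chain to be stored, so a symmetric
        // key entry is used to keep the example self-contained.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                                   // fresh, empty store
        SecretKey hmacKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        char[] pw = "changeit".toCharArray();                  // constructed password
        ks.setEntry("hmac", new KeyStore.SecretKeyEntry(hmacKey),
                new KeyStore.PasswordProtection(pw));
        System.out.println("keystore entries: " + ks.size()
                + ", has 'hmac': " + ks.containsAlias("hmac"));
        // ks.store(outputStream, pw) would write the file that keytool can list.
    }
}
```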

    Question 40 of 42

    The javax.net and javax.net.ssl packages are the standard JSSE APIs that include important classes such as:

    Select one of the following:

    • 1) SSLSocket

    • 2) SocketFactory

    • 3) ServerSocketFactory

    • 4) All of the above

    • 5) None of the above

    Question 41 of 42

    It is not a Java cryptography tool:

    Select one of the following:

    • JCryption

    • Optimus Java

    • PrimeInk Java

    • jdnssec

    • Cryptix

    Question 42 of 42

    Which of the following is not a CSRF countermeasure?

    Select one of the following:

    • Appropriately use GET and POST requests

    • Implement the OWASP CSRFGuard library

    • Web applications should use weak authentication methods such as cookies, HTTP authentication, etc.

    • Check the referrer such as HTTP "referer"

    • None of the above
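
Added example, not part of the quiz: a synchronizer-token CSRF check of the kind OWASP CSRFGuard implements, in plain Java so it runs without a servlet container. The per-session token is generated with SecureRandom, required only on state-changing methods (which is what "use GET and POST appropriately" means: GET must have no side effects), and compared in constant time. The session ID, the in-memory session map standing in for HttpSession, and the forged token are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (not from the quiz): synchronizer-token CSRF protection.
public class CsrfTokenDemo {

    private static final SecureRandom RNG = new SecureRandom();
    // sessionId -> CSRF token; constructed stand-in for server-side session state.
    private final Map<String, String> sessionTokens = new ConcurrentHashMap<>();

    // Issued once per session and embedded in every form as a hidden field.
    String issueToken(String sessionId) {
        byte[] raw = new byte[32];                      // 256 bits of entropy
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessionTokens.put(sessionId, token);
        return token;
    }

    // Safe methods pass; state-changing methods must carry the session's token.
    boolean isRequestAllowed(String method, String sessionId, String submittedToken) {
        if ("GET".equals(method) || "HEAD".equals(method)) return true;
        String expected = sessionTokens.get(sessionId);
        if (expected == null || submittedToken == null) return false;
        // Constant-time compare: no timing signal about how much of the token matched.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CsrfTokenDemo guard = new CsrfTokenDemo();
        String token = guard.issueToken("sess-123");    // constructed session ID

        System.out.println("GET  without token: " + guard.isRequestAllowed("GET", "sess-123", null));     // true
        System.out.println("POST with token:    " + guard.isRequestAllowed("POST", "sess-123", token));   // true
        // A cross-site form makes the victim's browser send the session cookie,
        // but the attacker cannot read the token out of the victim's page.
        System.out.println("POST without token: " + guard.isRequestAllowed("POST", "sess-123", null));    // false
        System.out.println("POST forged token:  " + guard.isRequestAllowed("POST", "sess-123", "AAAA"));  // false
    }
}
```

A Referer check, the other countermeasure the question lists, is a useful secondary signal but not a replacement: browsers and proxies may strip the header, and the server must then decide whether to fail open or closed.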