2998294
Descripción
Test por Carlos Veliz, actualizado hace más de 1 año
|
Creado por Carlos Veliz
hace casi 9 años
|
|
Pregunta 1
Pregunta
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Respuesta
-
Secure Configuration
-
Application Design
-
Security Policies
-
Code Logic Deviation
-
Brand Image Damage
Pregunta 2
Pregunta
It is not an countermeasure for Cross-Site Scrpting:
Respuesta
-
Configure web browser to disable scripting
-
Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
-
Use filter techniques that store and process input variables on the server
-
Appropriately use GET and POST requests
-
Use properly designed error handling mechanisms for reporting input errors
Pregunta 3
Pregunta
It is not an countermeasure for Cross-Site Request Forgery:
Respuesta
-
Web applications should use string authentications methods such as cookies, http authentication, etc.
-
Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
-
Use page tokens such as time tokens that change with every http or https page requests
-
Appropriately use GET asn POST requests
-
Configure web browser to disable scripting
Pregunta 4
Pregunta
It is a countermeasure for Directory Traversal
Respuesta
-
1). Apply checks/hot fixes to preven explotation
-
2). Define access rights to the protected areas of the website
-
3). Update server software at regular intervals
-
4) 1 and 3
-
5) 2 and 4
Pregunta 5
Pregunta
In HTTP Response Splitting. Attacker splits the HTTP response by:
Respuesta
-
Http Hearder Splitting
-
Http redirect
-
Http cookie header
-
All of the above
-
None of the above
Pregunta 6
Pregunta
It is not an countermeasure Parameter Manipulation
Respuesta
-
Use string input validating mechanisms for user data inputs
-
Implement a strict application security routines and updates
-
Use strictly confiured firewall to block and identify parameters that are defined in a web page
-
Disallow and filter CR/LF characters
-
Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Pregunta 7
Pregunta
Which statement does not describe an XPath injection?
Respuesta
-
The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
-
This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
-
XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
-
If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended
Pregunta 8
Pregunta
It is not an countermeasure for Injection Attacks:
Respuesta
-
Defined Denial of service attacks by using SAX based parsing
-
Replace all single quotes with two single quotes
-
It is always suggested to use less privileged accounts to access the database
-
Disabling authentications based data access control
Pregunta 9
Pregunta
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
Respuesta
-
LR/FF
-
CR/LF
-
CR/HT
-
LF/FS
-
LR/FS
Pregunta 10
Pregunta
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Respuesta
-
Applications Crash
-
CSRF Attack
-
Lack of Proper authentication
-
Damage Systems
-
Brand Image Damage
¿Quieres crear tus propios Tests gratis con GoConqr? Más información.