2998603
Descripción
Test por Carlos Veliz, actualizado hace más de 1 año
|
Creado por Carlos Veliz
hace casi 9 años
|
|
Pregunta 1
Pregunta
Which of the following statements is not part of the types of authentication mechanisms?
Respuesta
-
HTTP Basic Authentication
-
Form-Based Authentication
-
Authentication 802.1x
-
Client/Server Mutual Authentication
Pregunta 2
Pregunta
Cual de los siguientes enunciados no corresponde a los pasos de una autenticación basica?
Respuesta
-
Requests a protected resource
-
Request username password
-
Redirect to login page
-
Returns request resource
-
Sends username password
Pregunta 3
Pregunta
Indicate whether the following definition is true or false for form-based authentication:
"SSL can be added to part or whole of the web application"
Respuesta
-
True
-
False
Pregunta 4
Pregunta
It is not part of the job overview of Kerberos:
Respuesta
-
Key Distribution Centre in Kerberos stores account information and client passwords
-
Working proccess is invisible to the user
-
This mechanism issues tickets containing user identity, encrypted password, encrypted data
-
Client authentication ensures that the users are legitimate or not
Pregunta 5
Pregunta
It is not a way to prevent Web-based enumeration attack:
Respuesta
-
Lock out targeted account access after a certain restricted failed attempts
-
Web applications need to respond with similar error messages to all authentication failures
-
Analyze URLs and ther responses during security testinf to authentication failures and prevent unnecessary information leakage
-
Analyze Web page titles and their responses during authentication failures and prevent unnecesaary information leakage
Pregunta 6
Pregunta
Authorization is the proccess that control access rights of principals to system resources that include:
Respuesta
-
Access to users
-
Access to proccess
-
Access to machines
-
All of the above
-
None of the above
Pregunta 7
Pregunta
Which is the fifth step in implementing authorization?
Respuesta
-
Defining roles to users
-
check for user authentication for the application
-
Apply the constrains which are accessible by role
-
Define security roles of an application to roles defined in memory realm
Pregunta 8
Pregunta
It is not part of the access control model:
Respuesta
-
System Domain
-
AWT
-
Printer
-
Database Server
-
File I/O
Pregunta 9
Pregunta
Which of the following statements is not part of the principles of least privilege?
Respuesta
-
User account should have enongh privileges according to their task
-
Evaluate and implement code access permissions
-
Save sensitive files with random names and clean temporay files
-
Enable web applications access to database through limited accounts only
-
Avoid Web application servers running at privileged accounst such as administrador, root, sysman, sa, etc.
Pregunta 10
Pregunta
Which of the following is not a best practice in the management of sessions?
Respuesta
-
Make use of SSL
-
Do not add sensitive data in security token
-
Impose concurrent login limits
-
Regenerate session IDs upon privilege changes
-
A user has access to resources based on the role assigned
¿Quieres crear tus propios Tests gratis con GoConqr? Más información.