2998603
Descrição
Quiz por Carlos Veliz, atualizado more than 1 year ago
|
Criado por Carlos Veliz
quase 9 anos atrás
|
|
Questão 1
Questão
Which of the following statements is not part of the types of authentication mechanisms?
Responda
-
HTTP Basic Authentication
-
Form-Based Authentication
-
Authentication 802.1x
-
Client/Server Mutual Authentication
Questão 2
Questão
Cual de los siguientes enunciados no corresponde a los pasos de una autenticación basica?
Responda
-
Requests a protected resource
-
Request username password
-
Redirect to login page
-
Returns request resource
-
Sends username password
Questão 3
Questão
Indicate whether the following definition is true or false for form-based authentication:
"SSL can be added to part or whole of the web application"
Responda
-
True
-
False
Questão 4
Questão
It is not part of the job overview of Kerberos:
Responda
-
Key Distribution Centre in Kerberos stores account information and client passwords
-
Working proccess is invisible to the user
-
This mechanism issues tickets containing user identity, encrypted password, encrypted data
-
Client authentication ensures that the users are legitimate or not
Questão 5
Questão
It is not a way to prevent Web-based enumeration attack:
Responda
-
Lock out targeted account access after a certain restricted failed attempts
-
Web applications need to respond with similar error messages to all authentication failures
-
Analyze URLs and ther responses during security testinf to authentication failures and prevent unnecessary information leakage
-
Analyze Web page titles and their responses during authentication failures and prevent unnecesaary information leakage
Questão 6
Questão
Authorization is the proccess that control access rights of principals to system resources that include:
Responda
-
Access to users
-
Access to proccess
-
Access to machines
-
All of the above
-
None of the above
Questão 7
Questão
Which is the fifth step in implementing authorization?
Responda
-
Defining roles to users
-
check for user authentication for the application
-
Apply the constrains which are accessible by role
-
Define security roles of an application to roles defined in memory realm
Questão 8
Questão
It is not part of the access control model:
Responda
-
System Domain
-
AWT
-
Printer
-
Database Server
-
File I/O
Questão 9
Questão
Which of the following statements is not part of the principles of least privilege?
Responda
-
User account should have enongh privileges according to their task
-
Evaluate and implement code access permissions
-
Save sensitive files with random names and clean temporay files
-
Enable web applications access to database through limited accounts only
-
Avoid Web application servers running at privileged accounst such as administrador, root, sysman, sa, etc.
Questão 10
Questão
Which of the following is not a best practice in the management of sessions?
Responda
-
Make use of SSL
-
Do not add sensitive data in security token
-
Impose concurrent login limits
-
Regenerate session IDs upon privilege changes
-
A user has access to resources based on the role assigned
Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.