30183889
Descrição
Quiz por Pascal Bartl, atualizado more than 1 year ago
|
Criado por Pascal Bartl
aproximadamente 3 anos atrás
|
|
Questão 1
Questão
Which of the following terms refer to security vulnerabilities in software? (3)
Responda
-
Scalar type declaration
-
Cross-site scripting (XSS)
-
Bounded context
-
Authentication bypass (or broken authentication)
-
False vacuum theory
-
Injection flaws
Questão 2
Questão
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Responda
-
This is not possible for security reasons
-
This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
-
This is possible, but requires the addition of an annotation @ignorevalidation to the target action
-
This is possible, but requires the addition of an annotation @dontvalidate to the target action
-
This is possible by activating the TypoScript option persistence.enableDynamicForms
Questão 3
Questão
Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group
“news” (UID = 5)? (2)
Responda
-
<f:if condition="{TSFE.loginUser.group == 5}">.
-
<f:security.ifHasRole role="5">
-
<f:security.ifHasRole role="news">
-
<f:security.ifAuthenticated>
-
<f:security.loginUser group_id="5">
Questão 4
Questão
Which statements about security in Fluid are correct? (2)
Responda
-
Fluid applies htmlspecialchars() when HTML content of a variable is output
-
Fluid automatically removes all HTML tags if the content of a variable contains HTML code
-
To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
-
The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
-
All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons
Questão 5
Questão
What is the purpose of the “FormProtectionFactory”? (1)
Responda
-
Protection against SQL injections
-
Protection against man-in-the-middle attacks
-
Protection against cross-site scripting (XSS) attacks
-
Protection against cookie theft
-
Protection against cross-site request forgery (CSRF)
Questão 6
Questão
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Responda
-
The method quoteIdentifier()
-
The method quoteIdentifiers()
-
The method sanitizeValue()
-
The method createNamedParameter()
-
The method secureQuery()
Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.