
Application threat modeling Quiz - 1

Description: Application threat modeling, Security, Security tools and best practices
Number of Questions: 19
Created by:
Tags: security technology

NOP sled technique is a popular

  1. Reverse Engineering Technique

  2. Buffer Overflow Attack Technique

  3. Log Analysing Technique

  4. Data Analysis Technique

Answer: 2

OllyDbg is a popular

  1. Compiler

  2. Reverse Engineering tool

  3. Database Monitoring tool

  4. Macro Analyzer

Answer: 2

_________ is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines

  1. MsCop

  2. FxCop

  3. RsCop

  4. DxCop

Answer: 2

strcpy(), strcat(), strncpy(), sprintf(), gets() are all included in

  1. Safe APIs

  2. Banned APIs

  3. String APIs

  4. C APIs

Answer: 2

Which of the following is a valid cryptographic attack

  1. Padding Oracle Attack

  2. Padding CBC Attack

  3. Oracle Lockback

  4. Padding Filter

Answer: 1

What is an Evercookie?

  1. Evercookie is a JavaScript API that produces extremely persistent cookies in a browser

  2. Evercookie is a cookie anonymising tool

  3. Evercookie is a Firefox plugin

  4. Evercookie is a cookie pollution tool

Answer: 1

If an attacker submits multiple input parameters (query string, post data, cookies, etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation. This is the premise of

  1. HTTP Parameter Pollution

  2. Session Splitting

  3. Parameter Damage

  4. Parameter Busting

Answer: 1

Which of the following is a valid threat modelling methodology

  1. STRIDE

  2. PRIDE

  3. BRIDE

  4. RIDE

Answer: 1

Which of the following is a valid method of classifying computer security threats

  1. DREAD

  2. FEAR

  3. SAFE

  4. DEAF

Answer: 1

Which of the following is not a function of Database Activity Monitor

  1. Privileged User Monitoring

  2. Application Activity Monitoring

  3. Cyberattack Protection

  4. Database Recovery

Answer: 4

Any attack which is based on information gained from the physical implementation of a cryptosystem, rather than brute force or algorithm weakness, is known as

  1. Back Attack

  2. Unknown Attack

  3. Reverse Attack

  4. Side Channel Attack

Answer: 4

ModSecurity is a popular

  1. Web Application Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private LAN

Answer: 1

AppSensor is a popular

  1. Web Application Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private LAN

Answer: 2

The process of addressing a security vulnerability by blocking an attack vector that could exploit it is known as

  1. Anti Patching

  2. Anti Attack

  3. Virtual Patching

  4. Patch Attack

Answer: 3

What is Static Analysis?

  1. Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code

  2. Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code

  3. Static Code Analysis is the analysis of executables resulting from this code

  4. None of the above

Answer: 2

Which of the following is an attack technique used to exploit "dynamic file include" mechanisms in web applications

  1. Dynamic File Attack

  2. Remote File Inclusion

  3. Dynamic Data Attack

  4. Data Dynamics

Answer: 2

Which of the following is an attack technique that forces a web site to echo client-supplied data, which executes in a user's web browser

  1. XSS

  2. Reflection Attack

  3. Mirror Attack

  4. XSLT

Answer: 1

In a multi-staged login in an application, what must the developer ensure for application security

  1. During multi-staged login, the application should validate the credentials supplied at the current stage only

  2. Hidden variables should be used to remember the previous stage values, and the credentials supplied at the current stage should be validated at the server end

  3. During multi-staged login, the application should validate the credentials supplied at each stage and at all previous stages

  4. Credentials supplied at the previous stage should be saved in a cookie, and the credentials supplied at the current stage should be validated at the server end

Answer: 3

When you develop an application with both secured and unsecured web pages, why does the login page need to be SSL enabled

  1. A MITM proxy can be used to change the URL to a non-secured one

  2. If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and an attacker can sniff the credentials supplied by the user

  3. Firewall logs will have the credentials in plain text

  4. Proxy logs will have the credentials in plain text

Answer: 2