0

Application threat modeling Quiz - 1

Description: Application threat modeling, Security, Security tools and best practices
Number of Questions: 19
Created by:
Tags: security technology
Attempted 0/19 Correct 0 Score 0
  1. MITM proxy can be used to change the URL to a non secured one

  2. If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and Attacker can sniff the credentials supplied by the user

  3. Firewall logs will have the credentials in plain text

  4. proxy logs will have the credentials in plain text


Correct Option: B
  1. During multi-staged login, the application should validate the credentials supplied at each stage only

  2. Hidden variables should be used to remember the previous stage values and current stage supplier credentials to be validated at server end

  3. During multi-staged login, the application should validate the credentials supplied at each stage and previous stages

  4. Credentials supplied at the prevoius stage should be saved in cookie and current stage supplier credentials to be validated at server end


Correct Option: C

Which of the following is an attack technique that forces a web site to echo client-supplied data, which execute in a user’s web browser

  1. XSS

  2. Reflection Attack

  3. Mirror Attack

  4. XSLT


Correct Option: A

What is Static Analysis

  1. Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code

  2. Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code

  3. Static Code Analysis is the analysis of executables resulting from this code

  4. None of the above


Correct Option: B

AppSensor is a popular

  1. Web Applictation Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private Lan


Correct Option: B

ModSecurity is a popular

  1. Web Applictation Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private Lan


Correct Option: A

Which of the following is not a function of Database Activity Monitor

  1. Previlged User Monitoring

  2. Application Activity Monitoring

  3. Cyberattack Protection

  4. Database Recovery


Correct Option: D

If an attacker submit multiple input parameters (query string, post data, cookies,etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation.This is the premise of

  1. HTTP Parameter Pollution

  2. Session Splitting

  3. Parameter Damage

  4. Parameter Busting


Correct Option: A
  1. Evercookie is a javascript API available that produces extremely persistent cookies in a browser

  2. Evercookie is a cookie anonymysing tool

  3. Evercookie is a FireFox Plugin

  4. Evercookie is a cookie pollution tool


Correct Option: A
  1. Padding Oracle Attack

  2. Padding CBC Attack

  3. Oracle Lockback

  4. Padding Filter


Correct Option: A

Ollydbg is a popular

  1. Compiler

  2. Reverse Engineering tool

  3. Database Monitoring tool

  4. Macro Analyzer


Correct Option: B

NOP sled technique is a popular

  1. Reverse Engineering Technique

  2. Buffer Overflow Attack Technique

  3. Log Analysing Technique

  4. Data Analysis Technique


Correct Option: B
- Hide questions