Application threat modeling Quiz - 1

Description: Application threat modeling, Security, Security tools and best practices
Number of Questions: 19
Tags: security technology

The NOP sled technique is a popular

  1. Reverse Engineering Technique

  2. Buffer Overflow Attack Technique

  3. Log Analysing Technique

  4. Data Analysis Technique


Correct Option: 2

OllyDbg is a popular

  1. Compiler

  2. Reverse Engineering tool

  3. Database Monitoring tool

  4. Macro Analyzer


Correct Option: 2

_________ is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines

  1. MsCop

  2. FxCop

  3. RsCop

  4. DxCop


Correct Option: 2

strcpy(), strcat(), strncpy(), sprintf() and gets() all appear on Microsoft's SDL list of

  1. Safe APIs

  2. Banned APIs

  3. String APIs

  4. C APIs


Correct Option: 2
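As an added example that is not part of the original quiz, here is a small static-analysis scanner in Python for exactly this class of finding: it flags calls to the five functions named in the question inside a constructed C fragment, maps each to the bounds-checked `_s` replacement that Microsoft's banned.h points to, and shows that the safe variants and same-named helpers are not flagged. The C sample is made up for the demonstration. The scanner handles `//` and single-line `/* */` comments only; a real tool works on the parsed AST rather than on text.

```python
import re

# Microsoft SDL banned string functions from the question and the bounds-checked
# replacements banned.h recommends.
BANNED = {
    "strcpy": "strcpy_s",
    "strcat": "strcat_s",
    "strncpy": "strncpy_s",
    "sprintf": "sprintf_s",
    "gets": "gets_s",
}

# \b stops `my_strcpy(` from matching; `\s*\(` stops `strcpy_s(` from matching.
CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, BANNED)) + r")\s*\(")

# Constructed C fragment to scan (not from any real project).
SAMPLE_C = """\
#include <string.h>
#include <stdio.h>
void greet(const char *name) {
    char buf[32];
    strcpy(buf, "Hello, ");            /* unbounded copy */
    strcat(buf, name);                 // unbounded append
    sprintf(buf, "%s!", buf);          // unbounded format
    strncpy_s(buf, sizeof buf, name, sizeof buf - 1);  // safe variant, not flagged
    my_strcpy(buf, name);              // different function, not flagged
}
"""


def _strip_comments(line: str) -> str:
    line = re.sub(r"/\*.*?\*/", "", line)   # single-line block comments
    return line.split("//", 1)[0]           # line comments


def scan_c_source(source: str) -> list:
    # Returns (line number, banned function, suggested replacement) for each call found.
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in CALL_RE.finditer(_strip_comments(line)):
            func = match.group(1)
            findings.append((lineno, func, BANNED[func]))
    return findings
```

Running `scan_c_source(SAMPLE_C)` reports lines 5, 6 and 7 and leaves the `strncpy_s` and `my_strcpy` calls alone; swapping in a real code base as `source` is the whole change needed to use it as a pre-commit check.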

Which of the following is a valid cryptographic attack?

  1. Padding Oracle Attack

  2. Padding CBC Attack

  3. Oracle Lockback

  4. Padding Filter


Correct Option: 1

What is an Evercookie?

  1. Evercookie is a JavaScript API that produces extremely persistent cookies in a browser

  2. Evercookie is a cookie anonymising tool

  3. Evercookie is a FireFox Plugin

  4. Evercookie is a cookie pollution tool


Correct Option: 1

If an attacker submits multiple input parameters (query string, POST data, cookies, etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation. This is the premise of

  1. HTTP Parameter Pollution

  2. Session Splitting

  3. Parameter Damage

  4. Parameter Busting


Correct Option: 1
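As an added example that is not part of the original quiz, the following Python makes the "unexpected ways" concrete: the same query string yields three different values for `amount` depending on whether the component reading it keeps the first occurrence, the last, or joins them (all three behaviours exist in real servers and frameworks). When a front-end filter and the back end disagree, the attacker's second copy slips past the check. The request is constructed for the demonstration.

```python
from urllib.parse import parse_qsl

# Constructed request: a front-end validator that keeps the first value sees
# amount=10, while a back end that keeps the last value processes amount=10000.
QUERY = "action=transfer&to=mallory&amount=10&amount=10000"


def params_first_wins(query: str) -> dict:
    # First occurrence wins.
    out = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        out.setdefault(name, value)
    return out


def params_last_wins(query: str) -> dict:
    # Last occurrence wins: dict() over the pairs silently overwrites earlier ones.
    return dict(parse_qsl(query, keep_blank_values=True))


def params_joined(query: str, sep: str = ",") -> dict:
    # All occurrences concatenated: "10,10000" is neither value on its own, which is
    # how HPP also breaks downstream parsing and filtering.
    out = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        out[name] = value if name not in out else out[name] + sep + value
    return out


def polluted_names(query: str) -> list:
    # Detection: every parameter name that appears more than once.
    counts = {}
    for name, _ in parse_qsl(query, keep_blank_values=True):
        counts[name] = counts.get(name, 0) + 1
    return sorted(name for name, n in counts.items() if n > 1)


def params_strict(query: str) -> dict:
    # Hardened: refuse duplicates outright instead of letting two components disagree.
    dupes = polluted_names(query)
    if dupes:
        raise ValueError(f"duplicate parameters rejected: {dupes}")
    return params_last_wins(query)
```

The defensive choice is `params_strict`: decide once, at the edge, that a name may appear only once, so that no two layers of the stack can be made to see different requests.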

Which of the following is a valid threat modelling methodology?

  1. STRIDE

  2. PRIDE

  3. BRIDE

  4. RIDE


Correct Option: 1

Which of the following is a valid method of classifying computer security threats?

  1. DREAD

  2. FEAR

  3. SAFE

  4. DEAF


Correct Option: 1

Which of the following is not a function of a Database Activity Monitor?

  1. Privileged User Monitoring

  2. Application Activity Monitoring

  3. Cyberattack Protection

  4. Database Recovery


Correct Option: 4

Any attack based on information gained from the physical implementation of a cryptosystem, rather than on brute force or a weakness in the algorithm, is known as a

  1. Back Attack

  2. Unknown Attack

  3. Reverse Attack

  4. Side Channel Attack


Correct Option: 4
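As an added example that is not part of the original quiz, here is the most common software side channel in Python: a secret comparison that returns as soon as it finds a mismatch. The number of bytes examined stands in for execution time (which is what a real timing attack measures), so the demonstration is deterministic. The attacker never sees the secret; it only submits guesses and watches how much work each one costs, and recovers the token byte by byte. The secret and the oracle are constructed for the example.

```python
import hmac

# Constructed secret the server compares submitted tokens against. The attacker
# does not know it but can submit guesses and observe the server's work.
SECRET = b"s3cr3t-t0ken"


def naive_compare(expected: bytes, supplied: bytes):
    # Early-exit comparison. Returns (equal, bytes examined before the verdict);
    # the second value is the side channel.
    steps = 0
    if len(expected) != len(supplied):
        return False, steps
    for x, y in zip(expected, supplied):
        if x != y:
            return False, steps
        steps += 1
    return True, steps


def constant_time_compare(expected: bytes, supplied: bytes):
    # Same amount of work whatever the inputs: the verdict comes from an accumulated
    # difference, not from an early return. (Length is still compared first and so
    # still leaks; pad or hash both sides if that matters.)
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for x, y in zip(expected, supplied):
        diff |= x ^ y
    return diff == 0, len(expected)


def recover_secret(oracle, length: int) -> bytes:
    # Attacker's side: for each position, the byte that makes the server work
    # longest is the right one, so a 256**n search collapses to 256*n queries.
    guess = bytearray(length)
    for pos in range(length):
        best_byte, best_steps = 0, -1
        for candidate in range(256):
            guess[pos] = candidate
            _, steps = oracle(bytes(guess))
            if steps > best_steps:
                best_byte, best_steps = candidate, steps
        guess[pos] = best_byte
    return bytes(guess)


def attack_naive() -> bytes:
    return recover_secret(lambda g: naive_compare(SECRET, g), len(SECRET))


def attack_constant_time() -> bytes:
    # Every candidate costs the same, so the attacker learns nothing and is left
    # with the search's tie-break (the first candidate, byte 0x00) at every position.
    return recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET))


def verify_token(supplied: bytes) -> bool:
    # What production code should call: the standard library's constant-time compare.
    return hmac.compare_digest(SECRET, supplied)
```

`attack_naive()` returns the secret after 256 guesses per byte; `attack_constant_time()` returns nothing useful. In real code use `hmac.compare_digest` rather than hand-rolling the loop, and remember that timing is only one channel: power, cache and fault behaviour of the implementation count just as much.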

ModSecurity is a popular

  1. Web Application Firewall

  2. Application-Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private LAN


Correct Option: 1

AppSensor is a popular

  1. Web Application Firewall

  2. Application-Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private LAN


Correct Option: 2

The process of addressing a security vulnerability by blocking an attack vector that could exploit it is known as

  1. Anti Patching

  2. Anti Attack

  3. Virtual Patching

  4. Patch Attack


Correct Option: 3

What is Static Analysis?

  1. Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code

  2. Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code

  3. Static Code Analysis is the analysis of executables resulting from this code

  4. None of the above


Correct Option: 2

Which of the following is an attack technique used to exploit "dynamic file include" mechanisms in web applications?

  1. Dynamic File Attack

  2. Remote File Inclusion

  3. Dynamic Data Attack

  4. Data Dynamics


Correct Option: 2
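As an added example that is not part of the original quiz, the following Python shows the vulnerable include resolver beside a hardened one. The layout (`PAGES_DIR`, a `?page=` parameter and the allow-list) is hypothetical. The unsafe version hands the request value straight to the include mechanism, so a remote URL is fetched and included (remote file inclusion) and `../` walks out of the page directory (the local variant); the safe version treats the parameter only as a key into a fixed table.

```python
import posixpath

# Hypothetical layout for the example: page templates live under PAGES_DIR and the
# request carries ?page=<name>.
PAGES_DIR = "/var/www/app/pages"
ALLOWED_PAGES = {"home": "home.html", "about": "about.html", "contact": "contact.html"}


def resolve_include_unsafe(page: str) -> str:
    # Dynamic include driven directly by the request: a URL is fetched and included
    # (RFI), and "../" sequences walk out of PAGES_DIR (local file inclusion).
    if "://" in page:
        return page
    return posixpath.join(PAGES_DIR, page)


def is_inside(path: str, base: str) -> bool:
    # Normalise ".." and check the result still lies below `base`.
    norm = posixpath.normpath(path)
    return norm == base or norm.startswith(base.rstrip("/") + "/")


def resolve_include_safe(page: str) -> str:
    # Hardened: the parameter selects from a fixed allow-list and never reaches the
    # filesystem or the network as a path or URL.
    if page not in ALLOWED_PAGES:
        raise ValueError("unknown page")
    return posixpath.join(PAGES_DIR, ALLOWED_PAGES[page])
```

`is_inside` is the containment check to add if an allow-list is genuinely impossible; it catches the traversal case but does nothing about a remote URL, which is why the allow-list is the primary fix.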

Which of the following is an attack technique that forces a web site to echo client-supplied data, which then executes in a user's web browser?

  1. XSS

  2. Reflection Attack

  3. Mirror Attack

  4. XSLT


Correct Option: 1
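As an added example that is not part of the original quiz, the following Python shows the echo the question describes and its fix, in the two output contexts where it most often goes wrong: element content and an attribute value. The payloads are constructed; what matters is that escaping must match the context the data lands in, since an attribute needs the quote characters escaped as well.

```python
import html

# Constructed attacker input. What happens to it depends on the context it is echoed
# into and on whether the application escapes for that context.
ELEMENT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_unsafe(name: str) -> str:
    # Reflected XSS: client-supplied data is echoed verbatim into the page.
    return f"<p>Hello, {name}!</p>"


def render_element_safe(name: str) -> str:
    # Element content: &, < and > are escaped (html.escape also escapes quotes).
    return f"<p>Hello, {html.escape(name)}!</p>"


def render_attribute_unsafe(name: str) -> str:
    # The attribute is closed by the attacker's quote and an event handler follows.
    return f'<input name="user" value="{name}">'


def render_attribute_safe(name: str) -> str:
    # Attribute value: quote=True (the default) turns " into &quot; so the attacker
    # cannot break out of the attribute.
    return f'<input name="user" value="{html.escape(name, quote=True)}">'


def looks_reflected(rendered: str, payload: str) -> bool:
    # Crude reflection check of the kind a scanner performs: did the marker come back intact?
    return payload in rendered
```

Escaping on output is the control; input filtering alone does not know which context the data will end up in. A real template engine with auto-escaping does this for you, which is why hand-built string concatenation into HTML is the pattern to look for in review.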

In a multi-staged login, what must the developer ensure for application security?

  1. During a multi-staged login, the application should validate only the credentials supplied at the current stage

  2. Hidden form fields should be used to remember the values from previous stages, and the credentials supplied at the current stage should be validated at the server end

  3. During a multi-staged login, the application should validate the credentials supplied at the current stage and at all previous stages

  4. Credentials supplied at the previous stage should be saved in a cookie, and the credentials supplied at the current stage should be validated at the server end


Correct Option: 3
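As an added example that is not part of the original quiz, the following Python puts the wrong answer and the right one side by side. `NaiveLogin` validates only the stage being submitted (option 1) and treats passing the final stage as being logged in, so an attacker who posts straight to the one-time-code step never supplies a password. `HardenedLogin` keeps stage progress server-side in the session, accepts a stage only when every earlier stage has already passed in that same session, and considers the user authenticated only when all stages have (option 3). The user store, the two stages and the session identifiers are constructed for the demonstration.

```python
import hmac

# Constructed user store: a password and a one-time code stand in for two login stages.
USERS = {"alice": {"password": "correct horse battery", "otp": "492817"}}
STAGES = ("password", "otp")


class NaiveLogin:
    # Vulnerable (option 1): checks only the stage being submitted and treats passing
    # the final stage as logged in, so posting straight to the OTP step skips the password.

    def __init__(self):
        self.sessions = {}  # session id -> {"user": name, "passed": set of stages}

    def start(self, sid: str, username: str) -> None:
        self.sessions[sid] = {"user": username, "passed": set()}

    def _check(self, sid: str, stage: str, value: str) -> bool:
        sess = self.sessions.get(sid)
        if sess is None or stage not in STAGES:
            return False
        expected = USERS.get(sess["user"], {}).get(stage, "")
        if expected and hmac.compare_digest(value.encode(), expected.encode()):
            sess["passed"].add(stage)
            return True
        return False

    def submit(self, sid: str, stage: str, value: str) -> bool:
        return self._check(sid, stage, value)

    def is_authenticated(self, sid: str) -> bool:
        sess = self.sessions.get(sid)
        return sess is not None and STAGES[-1] in sess["passed"]


class HardenedLogin(NaiveLogin):
    # Correct (option 3): progress lives server-side, a stage is accepted only once every
    # earlier stage has passed in this session, and authentication requires all stages.
    # Hidden fields or cookies saying "stage 1 passed" (options 2 and 4) are
    # client-controlled and prove nothing.

    def submit(self, sid: str, stage: str, value: str) -> bool:
        sess = self.sessions.get(sid)
        if sess is None or stage not in STAGES:
            return False
        earlier = STAGES[:STAGES.index(stage)]
        if not all(s in sess["passed"] for s in earlier):
            return False
        return self._check(sid, stage, value)

    def is_authenticated(self, sid: str) -> bool:
        sess = self.sessions.get(sid)
        return sess is not None and all(s in sess["passed"] for s in STAGES)


def skip_password_attack(login) -> bool:
    # The attacker knows (or guesses) only the OTP and never supplies the password.
    login.start("sess-1", "alice")
    login.submit("sess-1", "otp", "492817")
    return login.is_authenticated("sess-1")
```

`skip_password_attack(NaiveLogin())` returns True and `skip_password_attack(HardenedLogin())` returns False; the legitimate path through `HardenedLogin` still succeeds once both stages are submitted in order.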

When developing an application with both secured and unsecured web pages, why does the login page need to be SSL-enabled?

  1. A MITM proxy can be used to change the URL to an unsecured one

  2. If the login page is not SSL-enabled, the credentials are transmitted in plain text to the web server, and an attacker can sniff the credentials supplied by the user

  3. Firewall logs will contain the credentials in plain text

  4. Proxy logs will contain the credentials in plain text


Correct Option: 2