Back
0

Application threat modeling Quiz - 1

Description: Application threat modeling, Security, Security tools and best practices
Number of Questions: 19
Created by:
Tags: security technology
Start the Quiz
Attempted 0/19 Correct 0 Score 0

When you developing an application both secured and not secured web pages, what is the reason for the need to have the login page SSL enabled
technology security

  1. MITM proxy can be used to change the URL to a non secured one

  2. If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and Attacker can sniff the credentials supplied by the user

  3. Firewall logs will have the credentials in plain text

  4. proxy logs will have the credentials in plain text

Show answer
Correct Option: B

In a multi-staged login in an application, what is that to be ensured for application security by the developer
technology security

  1. During multi-staged login, the application should validate the credentials supplied at each stage only

  2. Hidden variables should be used to remember the previous stage values and current stage supplier credentials to be validated at server end

  3. During multi-staged login, the application should validate the credentials supplied at each stage and previous stages

  4. Credentials supplied at the prevoius stage should be saved in cookie and current stage supplier credentials to be validated at server end

Show answer
Correct Option: C

Which of the following is an attack technique that forces a web site to echo client-supplied data, which execute in a user’s web browser

technology security

  1. XSS

  2. Reflection Attack

  3. Mirror Attack

  4. XSLT

Show answer
Correct Option: A

Which of the following is an attack technique used to exploit "dynamic file include" mechanisms in web applications
technology security

  1. Dynamic File Attack

  2. Remote File Inclusion

  3. Dynamic Data Attack

  4. Data Dynamics

Show answer
Correct Option: B

What is Static Analysis

technology security

  1. Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code

  2. Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code

  3. Static Code Analysis is the analysis of executables resulting from this code

  4. None of the above

Show answer
Correct Option: B

The process of addressing a security vulnerability by blocking an attack vector that could exploit it is known as
technology security

  1. Anti Patching

  2. Anti Attack

  3. Virtual Patching

  4. Patch Attack

Show answer
Correct Option: C

AppSensor is a popular

technology security

  1. Web Applictation Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private Lan

Show answer
Correct Option: B

ModSecurity is a popular

technology security

  1. Web Applictation Firewall

  2. Application Based Intrusion Detection

  3. Database Monitoring

  4. Virtual Private Lan

Show answer
Correct Option: A

Any attack which is based on information gained from physical implementation of a crypto system,rather than brute force or algorithm weakness is known as
technology security

  1. Back Attack

  2. Unknown Attack

  3. Reverse Attack

  4. Side Channel Attack

Show answer
Correct Option: D

Which of the following is not a function of Database Activity Monitor

technology security

  1. Previlged User Monitoring

  2. Application Activity Monitoring

  3. Cyberattack Protection

  4. Database Recovery

Show answer
Correct Option: D

Which of the following is a valid method of classifying computer security threats
technology security

  1. DREAD

  2. FEAR

  3. SAFE

  4. DEAF

Show answer
Correct Option: A

Which of the following is a valid threat modelling methodology
technology security

  1. STRIDE

  2. PRIDE

  3. BRIDE

  4. RIDE

Show answer
Correct Option: A

If an attacker submit multiple input parameters (query string, post data, cookies,etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation.This is the premise of

technology security

  1. HTTP Parameter Pollution

  2. Session Splitting

  3. Parameter Damage

  4. Parameter Busting

Show answer
Correct Option: A

What is a an Evercookie?
technology security

  1. Evercookie is a javascript API available that produces extremely persistent cookies in a browser

  2. Evercookie is a cookie anonymysing tool

  3. Evercookie is a FireFox Plugin

  4. Evercookie is a cookie pollution tool

Show answer
Correct Option: A

Which of the following is a valid crypto graphic attack
technology security

  1. Padding Oracle Attack

  2. Padding CBC Attack

  3. Oracle Lockback

  4. Padding Filter

Show answer
Correct Option: A

Strcpy(), strcat(), strncpy(), sprint(), gets() are all included in
technology security

  1. Safe APIs

  2. Banned APIs

  3. String APIs

  4. CAPIs

Show answer
Correct Option: B

_________is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines
technology security

  1. MsCop

  2. FxCop

  3. RsCop

  4. DxCop

Show answer
Correct Option: B

Ollydbg is a popular

technology security

  1. Compiler

  2. Reverse Engineering tool

  3. Database Monitoring tool

  4. Macro Analyzer

Show answer
Correct Option: B

NOP sled technique is a popular

technology security

  1. Reverse Engineering Technique

  2. Buffer Overflow Attack Technique

  3. Log Analysing Technique

  4. Data Analysis Technique

Show answer
Correct Option: B
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3600 Quizzes
119725 Questions
 technology
307 Quizzes
36705 Questions
 sports
961 Quizzes
19148 Questions
 history
1088 Quizzes
13125 Questions
 biology
1026 Quizzes
11462 Questions
 physics
550 Quizzes
11687 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
432 Quizzes
8610 Questions
 maths
457 Quizzes
8210 Questions
 softskills
0 Quizzes
7131 Questions