
Application threat modeling Quiz - 2

Description: Application threat modeling Quiz
Number of Questions: 20
Tags: security technology

___________ is a malicious technique of tricking Web users into revealing confidential information or taking control of their computers while they click on seemingly innocuous web pages.

  1. Clickjacking

  2. RoughJacking

  3. CyberJacking

  4. CrackJacking

Correct Option: A

You are asked to develop an application from scratch. When will you start performing threat modeling of the application?

  1. At the design stage

  2. At the beginning of testing phase

  3. During requirements collection phase

  4. HP Webinspect performs the Threat Modeling, I do not need to do anything

Correct Option: C

The application logs are backed up on media and retained for years as required by law. One of the media is found to be defective after a long period of time. What do we need to do with the media?

  1. Use it for overwriting current logs

  2. Inform stakeholders and degauss the media

  3. Keep it safely and securely in the fire proof safe

  4. Format the media

Correct Option: B

An application is developed and deployed in production. A bug was found, a CR was raised, and the modified code is ready for deployment after following SSA and SDLC. This interim release of the application is called:

  1. Release of CR

  2. Maintenance of application

  3. Release of patch

  4. Interim release of CR

Correct Option: C

When you are performing EQA of an application developed by another project, you are doing:

  1. White box testing

  2. Black box testing

  3. Security testing

  4. Vulnerability testing

Correct Option: A

Which of the following is mandatory for the audit and access logs of the application to be valid in a court of law?

  1. Logs should contain the URL accessed by the user

  2. Date and time logged in the logs should be in IST format

  3. Logs have to be in W3C format

  4. System time is in sync with the INDIA domain time, and the logs contain uniquely identifiable information about the user

Correct Option: D

Which tool can be used for threat modeling?

  1. HP Web Inspect

  2. Nessus

  3. OpenVAS

  4. TAM

Correct Option: D

When a user uses the "Forgot Password" feature to recover the password, what should be checked first?

  1. Whether the credentials provided are valid and correct

  2. Whether the account is already disabled

  3. Whether the account is locked

  4. Whether the CAPTCHA value entered by the user is the same as what is in the image

Correct Option: B

Where should the password complexity check be implemented?

  1. Client side only

  2. Server side only

  3. Both client and server side

  4. In the SQL procedure

Correct Option: B

A cookie value gets submitted during the POST submission of an HTML form.

  1. SQL injection

  2. Cross-site request forgery

  3. Session fixation

  4. Session hijack

Correct Option: C

A DMZ is:

  1. The place where customers' servers are deployed.

  2. An area where all the protocols are allowed to pass through.

  3. A semi-trusted network zone that separates the untrusted Internet from the company's trusted internal network.

  4. Cyber warfare terminology.

Correct Option: C

Which one is not a countermeasure for log tampering?

  1. Digitally signed and time-stamped logs

  2. Log file read/write privileges are controlled by the system administrator

  3. Separate logs for system events

  4. Transaction log for all application events

Correct Option: B

Name the query language for reading XML documents.

  1. XPath

  2. XmlReader

  3. SQL

  4. xmlPlus

Correct Option: A

Which tool can be used for a system vulnerability test?

  1. Nessus

  2. HP Web Inspect

  3. TAM

  4. SDL

Correct Option: A

What is the best approach to use when providing access to an SSO application in a portal?

  1. Mandatory Access Control

  2. Role-Based Access Control

  3. Discretionary Access Control

  4. Biometric access control

Correct Option: B

The kind of testing in which activities are performed to find the active machines, open ports and available services, identify the OS, and map the network is called:

  1. Passive Scanning

  2. Social Engineering

  3. Scanning

  4. Fuzzing

Correct Option: C

Select the correct set of "Security Design Principles":

  1. 1) Keep it easy to understand 2) Secure default access 3) Defense in depth 4) Encapsulation 5) Highest privilege

  2. 1) Keep it easy to understand 2) Secure access 3) Defense in depth 4) Encapsulation 5) Highest privilege

  3. 1) Keep it simple and secure 2) Secure default access 3) Defense in depth 4) Compartmentalization 5) Least privilege

  4. 1) Keep it easy to understand 2) Secure access 3) DMZ 4) Encapsulation 5) Highest privilege

Correct Option: C

In the DREAD methodology of risk analysis used in threat analysis, how is the risk score for each threat calculated?

  1. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)

  2. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)

  3. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)

  4. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)

Correct Option: D

In threat modeling, which methodology is used to perform risk analysis?


  2. DREAD

  3. OWASP

  4. DAR

Correct Option: B

When do we need to perform penetration testing?

  1. After integration testing but before acceptance testing by the client/end user

  2. After unit testing

  3. After integration testing

  4. During system testing

Correct Option: A