Back
0

Application threat modeling Quiz - 2

Description: Application threat modeling Quiz
Number of Questions: 20
Created by:
Tags: security technology
Start the Quiz
Attempted 0/20 Correct 0 Score 0

When do we need to be penetration testing

technology security

  1. After integration testing but before acceptance testing by the client/end user

  2. after unit test

  3. after integration testing

  4. during system testing

Show answer
Correct Option: A

In threat modeling, what methodology used to perform risk analysis
technology security

  1. STRIDE

  2. DREAD

  3. OWASP

  4. DAR

Show answer
Correct Option: B

In DREAD methodology of risk analysis in threat analysis, how is the Risk score for each threat is calculated
technology security

  1. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)

  2. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)

  3. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)

  4. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)

Show answer
Correct Option: D

Select the correct choice for "Security Design Principle"

technology security

  1. 1) Keep it easy to understand 2) Secure default access 3) Defense in Depth 4) encapsulation 5) Highest privilege

  2. 1) Keep it easy to understand 2) Secure access 3) Defense in Depth 4) encapsulation 5) Highest privilege

  3. 1) Keep it simple and secure 2) Secure default access 3) Defense in Depth 4) Compartmentalization 5) Least privilege

  4. 1) Keep it easy to understand 2) Secure access 3) DMZ 4) encapsulation 5) Highest privilege

Show answer
Correct Option: C

The kind of testing in which activities are performed to find the active machines, open ports and available services, identifying the OS and mapping the network
technology security

  1. Passive Scanning

  2. Social Engineering

  3. Scanning

  4. Fuzzing

Show answer
Correct Option: C

What is the best approach to be used while providing access to SSO application in a portal

technology security

  1. Mandatory access control

  2. Role Based Access Control

  3. Discretionary Access Control

  4. Biometric access control

Show answer
Correct Option: B

Which tool can be used for system vulnerability test
technology security

  1. Nessus

  2. HP Web Inspect

  3. TAM

  4. SDL

Show answer
Correct Option: A

Name the query language for reading XML document
technology security

  1. Xpath

  2. XmlReader

  3. SQL

  4. xmlPlus

Show answer
Correct Option: A

Which one is not a counter measure for log tampering
technology security

  1. Digitally signed and stamped logs

  2. Log file Read/write privilege is controlled by System administrator

  3. Separate logs for system events

  4. Transaction log for all application events

Show answer
Correct Option: B

DMZ is a
technology security

  1. DMZ is the place where customers servers are deployed.

  2. DMZ is an area where all the protocols are allowed to pass through.

  3. semi trusted network zone that separates the untrusted internet from the companys trusted internal network

  4. DMZ is cyber warfare terminology

Show answer
Correct Option: C

Cookie value gets submitted during POST submit of HTML FORM
technology security

  1. SQL Injection

  2. Cross site request forgery

  3. Session fixation

  4. session hijack

Show answer
Correct Option: C

Password complexity check should be implemented where?
technology security

  1. Client side only

  2. server side only

  3. Both client and server side

  4. In the SQL procedure

Show answer
Correct Option: B

While using "Forgot Password" feature by user to recover the password, what should be checked first

technology security

  1. whether the credentials provided are valid and correct

  2. whether account is already disabled

  3. whether account is locked

  4. whether the CAPTCHA values entered by the user same as what is in the image

Show answer
Correct Option: B

Which tool can be used for Threat Modeling
technology security

  1. HP Web Inspect

  2. Nessus

  3. Open Vas

  4. TAM

Show answer
Correct Option: D

Which of the following is mandatory for the audit and access logs of the application to be valid in the court of law
technology security

  1. log should have url accessed by user

  2. Date and time logged in the logs should be in IST format

  3. logs have to be in W3C format

  4. System time is in sync with INDIA domain time and the logs should have uniquely identifiable information about the user

Show answer
Correct Option: D

When you are performing EQA of an application developed by another project, you are doing
technology security

  1. white box testing

  2. black box testing

  3. security testing

  4. vulnerability testing

Show answer
Correct Option: A

An application is developed and deployed in production. A bug was found and a CR was raised and modified code is ready for deployment after following SSA and SDLC. This interim release of the application is called
technology security

  1. Release of CR

  2. maintenance of application

  3. release of patch

  4. interim release of CR

Show answer
Correct Option: C

The application logs are backed up in a media and retained for years as required by law. One of the media found defective after a long period of time. What do we need to do with the media
technology security

  1. Use it for overwriting current logs

  2. Inform stakeholders and degauss the media

  3. Keep it safely and securely in the fire proof safe

  4. format the media

Show answer
Correct Option: B

You are asked to develop an application from scratch. When will you start performing Threat Modeling of the application
technology security

  1. At the design stage

  2. At the beginning of testing phase

  3. During requirements collection phase

  4. HP Webinspect performs the Threat Modeling, I do not need to do anything

Show answer
Correct Option: C

___________ is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages
technology security

  1. Clickjacking

  2. RoughJacking

  3. CyberJacking

  4. CrackJacking

Show answer
Correct Option: A
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3600 Quizzes
119725 Questions
 technology
307 Quizzes
36705 Questions
 sports
961 Quizzes
19148 Questions
 history
1088 Quizzes
13125 Questions
 biology
1026 Quizzes
11462 Questions
 physics
537 Quizzes
11445 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
432 Quizzes
8610 Questions
 maths
438 Quizzes
7860 Questions
 softskills
0 Quizzes
7131 Questions