Back
0

Web Security Quiz

Description: This quiz is about the security on Web, contains question related to Cross Site Scripting (XSS), Security Best practices.
Number of Questions: 20
Created by:
Tags: security
Start the Quiz
Attempted 0/19 Correct 0 Score 0

Web server will log which part of a GET request?
technology security

  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Show answer
Correct Option: B

How can we prevent dictionary attacks on password hashes ?

technology security

  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote your self so no one knows how it works

  4. Salting the hash

Show answer
Correct Option: D

Implementing Access Control based on a hard coded IP address

technology security

  1. Can be done as it as an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice

Show answer
Correct Option: D

Temporary files

technology security

  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension

Show answer
Correct Option: C

What is the preferred medium for backing up log files ?

technology security

  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-R's

  4. None of the above

Show answer
Correct Option: C

What is the common cause of buffer over flows, cross-site scripting, SQL injection and format string attacks?

technology security

  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handing

  4. Insecure configuration management

Show answer
Correct Option: A

Out of the following which one can be considered as a possible solutions for SQL injection vulnerability?

technology security

  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling

Show answer
Correct Option: A

Which of the following is appropriate for customer emails regarding a limited time promotional offer?

technology security

  1. Request that the user authenticate him/herself by replying to the email with their account credentials.

  2. Personalized greeting line

  3. Providing easy access to the customer's account via a “Click Here” style link

  4. Sending the email from a domain set up specifically for the special offer

Show answer
Correct Option: B

Cross Site Scripting is an attack against

technology security

  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server

Show answer
Correct Option: A

Which cookie flag, when set, will prevent their transmission over non secure channel?

technology security

  1. Secure

  2. Domain

  3. Expires

  4. Static

Show answer
Correct Option: A

The main risk to a web application in a cross site scripting attack is …

technology security

  1. Compromise of users

  2. Loss of data integrity

  3. Destruction of data

  4. None of the above

Show answer
Correct Option: A

Out of the following which can be considered as user input for which validation is not required

technology security

  1. Host Header

  2. Cookie

  3. Referrer Header

  4. None of the above

Show answer
Correct Option: D

Which languages are vulnerable to Cross Site Scripting attacks ?

technology security

  1. Java

  2. ASP.Net

  3. Perl

  4. All of the above

Show answer
Correct Option: D

What does “White List” data validation means?

technology security

  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above

Show answer
Correct Option: A

Failing to properly validate uploaded files could result in:

technology security

  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above

Show answer
Correct Option: A

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?

technology security

  1. Cross-Site Scripting

  2. Buffer over flows

  3. Command injection

  4. Path traversal attack

Show answer
Correct Option: A

Which of the following should be stored in the cookie?

technology security

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password

Show answer
Correct Option: A

What should be considered the most while doing data classification

technology security

  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data

Show answer
Correct Option: B

What are the fundamental principles of Security?

technology security

  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above

Show answer
Correct Option: A
- Hide questions
ADVERTISEMENT

Find more quizzes from top tags

general knowledge
3600 Quizzes
119725 Questions
 technology
307 Quizzes
36705 Questions
 sports
961 Quizzes
19148 Questions
 history
1088 Quizzes
13125 Questions
 biology
1026 Quizzes
11462 Questions
 physics
537 Quizzes
11445 Questions
 science & technology
551 Quizzes
11015 Questions
 chemistry
432 Quizzes
8610 Questions
 maths
429 Quizzes
7860 Questions
 softskills
0 Quizzes
7131 Questions