Web Security Quiz

Description: This quiz covers web security, with questions on Cross-Site Scripting (XSS) and security best practices.
Number of Questions: 20
Created by:
Tags: security
  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Correct Option: B
  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote yourself so no one knows how it works

  4. Salting the hash

Correct Option: D

Implementing Access Control based on a hard coded IP address

  1. Can be done as it is an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice

Correct Option: D
  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension

Correct Option: C
  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-Rs

  4. None of the above

Correct Option: C
  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handling

  4. Insecure configuration management

Correct Option: A
  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling

Correct Option: A
  1. Request that the user authenticate him/herself by replying to the email with their account credentials.

  2. Personalized greeting line

  3. Providing easy access to the customer's account via a “Click Here” style link

  4. Sending the email from a domain set up specifically for the special offer

Correct Option: B
  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server

Correct Option: A
  1. Compromise of users

  2. Loss of data integrity

  3. Destruction of data

  4. None of the above

Correct Option: A
  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above

Correct Option: A
  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above

Correct Option: A

Which of the following should be stored in the cookie?

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password

Correct Option: A
  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data

Correct Option: B
  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above

Correct Option: A