Web Security Quiz

Description: This quiz is about the security on Web, contains question related to Cross Site Scripting (XSS), Security Best practices.
Number of Questions: 20
Created by:
Tags: security
Attempted 0/19 Correct 0 Score 0
  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies


Correct Option: B
  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote your self so no one knows how it works

  4. Salting the hash


Correct Option: D

Implementing Access Control based on a hard coded IP address

  1. Can be done as it as an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice


Correct Option: D
  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension


Correct Option: C
  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-R's

  4. None of the above


Correct Option: C
  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handing

  4. Insecure configuration management


Correct Option: A
  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling


Correct Option: A
  1. Request that the user authenticate him/herself by replying to the email with their account credentials.

  2. Personalized greeting line

  3. Providing easy access to the customer's account via a “Click Here” style link

  4. Sending the email from a domain set up specifically for the special offer


Correct Option: B
  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server


Correct Option: A
  1. Compromise of users

  2. Loss of data integrity

  3. Destruction of data

  4. None of the above


Correct Option: A
  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above


Correct Option: A
  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above


Correct Option: A

Which of the following should be stored in the cookie?

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password


Correct Option: A
  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data


Correct Option: B
  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above


Correct Option: A
- Hide questions