Tag: technology

Questions Related to technology

Analyse following code public void dummyFunction(String var1,String var2){ try{ Connection con=getConnection(); String query=”select * from table1 where col1=”+var1 +”and col2=”+var2; Statement st=conn.createStatement(); ResultSet rs=st.executeQuery(query); …… ….. } catch(Exception e) { } } var1 and var2 are inputs from user directly passed to this functions.
technology security

  1. Vulnerable to SQL Injection

  2. Vulnerable to DoS

  3. Vulnerable to Information Disclosure

  4. Code is secure

Show answer
Correct Option: D

Fnction below is used to read file from a directory on the filesystem. This code runs with read only OS level privilege on this directory. fileName is parameter from user directly passed to this function. public void dummyFunction(String fileName){ FileInputStream fis = new FileInputStream(fileName); // code to read file content only, no write modify or delete } Identify correct answer
technology security

  1. Security is handled at OS level by giving only read level privilege so no need to put an extra check here

  2. Only problem here is that fileName may not be syntactically incorrect so it should be validated before using it in the function

  3. This code can lead to information disclosure attack

  4. Java provides enough security by default for IO operations so this code is not vulnerable.

Show answer
Correct Option: C

Please select which of the following statements are NOT true regarding the AccessController class? a. Can be used to mark code as being "privileged", thus affecting subsequent access determinations b. Can be to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect c. Can be used to obtain a "snapshot" of the current calling context d. Can be used to compute a cryptographically secure hash
technology security

  1. a

  2. b

  3. c

  4. d

Show answer
Correct Option: D

Which of the following API's associates a Subject with the thread of execution?
technology security

  1. Subject.doAs()

  2. AccessController.checkPermission()

  3. SecurityManager.checkAccess()

  4. None of the above

Show answer
Correct Option: A

Please select which of the following statements regarding Java 2 Security is TRUE?
technology security

  1. The type safety mechanism in the Java language prevents the execution of malicious code

  2. Two classes with the same fully qualified name but which are defined by different instances of a class loader are NOT of the same type

  3. All signed classes are implicitly trusted and granted full access

  4. The principal role of a TrustManager is to determine if presented authentication credentials should be trusted

  5. Option 1 AND Option 4

  6. Option 2 AND Option 4

Show answer
Correct Option: F

Which of the following is a command line tool for managing the public and private keys stored in a keystore?
technology security

  1. securitymanager

  2. policytool

  3. jarsigner

  4. keystore

  5. None of the above

Show answer
Correct Option: E

Which of the following best describes how to sign a document using a digital signature?
technology security

  1. Create a hash of the document and encrypt the resulting hash using the signer's private key

  2. Encrypt the document using the signer's private key

  3. Encrypt the document using the signer's private key and create a hash of the encrypted document

  4. Encrypt the document using the signer's public key

Show answer
Correct Option: A

How many of security code review tools available in following list • OWASP WebScarab • Fortify • WebInspect • AppScan • Nikto • FindBugs
technology security

  1. 1

  2. 2

  3. 4

  4. 6

Show answer
Correct Option: B

Which of the following framework provides an annotation based validation mechanism?
technology security

  1. Struts 1.1

  2. Struts 1.2

  3. Struts 2

  4. JSF

Show answer
Correct Option: C

Sequences are accessed using
technology platforms and products

  1. Prevval

  2. Currval

  3. Newval

  4. Lastval

Show answer
Correct Option: B