Tag: technology

Question 1

Analyse following code public void dummyFunction(String var1,String var2){ try{ Connection con=getConnection(); String query=”select * from table1 where col1=”+var1 +”and col2=”+var2; Statement st=conn.createStatement(); ResultSet rs=st.executeQuery(query); …… ….. } catch(Exception e) { } } var1 and var2 are inputs from user directly passed to this functions.

technology security

Vulnerable to SQL Injection
Vulnerable to DoS
Vulnerable to Information Disclosure
Code is secure

Answer

Correct Option: D

Question 2

Fnction below is used to read file from a directory on the filesystem. This code runs with read only OS level privilege on this directory. fileName is parameter from user directly passed to this function. public void dummyFunction(String fileName){ FileInputStream fis = new FileInputStream(fileName); // code to read file content only, no write modify or delete } Identify correct answer

technology security

Security is handled at OS level by giving only read level privilege so no need to put an extra check here
Only problem here is that fileName may not be syntactically incorrect so it should be validated before using it in the function
This code can lead to information disclosure attack
Java provides enough security by default for IO operations so this code is not vulnerable.

Answer

Correct Option: C

Question 3

Please select which of the following statements are NOT true regarding the AccessController class? a. Can be used to mark code as being "privileged", thus affecting subsequent access determinations b. Can be to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect c. Can be used to obtain a "snapshot" of the current calling context d. Can be used to compute a cryptographically secure hash

technology security

a
b
c
d

Answer

Correct Option: D

Question 4

Which of the following API's associates a Subject with the thread of execution?

technology security

Subject.doAs()
AccessController.checkPermission()
SecurityManager.checkAccess()
None of the above

Answer

Correct Option: A

Question 5

Please select which of the following statements regarding Java 2 Security is TRUE?

technology security

The type safety mechanism in the Java language prevents the execution of malicious code
Two classes with the same fully qualified name but which are defined by different instances of a class loader are NOT of the same type
All signed classes are implicitly trusted and granted full access
The principal role of a TrustManager is to determine if presented authentication credentials should be trusted
Option 1 AND Option 4
Option 2 AND Option 4

Answer

Correct Option: F

Question 6

Which of the following is a command line tool for managing the public and private keys stored in a keystore?

technology security

securitymanager
policytool
jarsigner
keystore
None of the above

Answer

Correct Option: E

Question 7

Which of the following best describes how to sign a document using a digital signature?

technology security

Create a hash of the document and encrypt the resulting hash using the signer's private key
Encrypt the document using the signer's private key
Encrypt the document using the signer's private key and create a hash of the encrypted document
Encrypt the document using the signer's public key

Answer

Correct Option: A

Question 8

How many of security code review tools available in following list • OWASP WebScarab • Fortify • WebInspect • AppScan • Nikto • FindBugs

technology security

1
2
4
6

Answer

Correct Option: B

Question 9

Which of the following framework provides an annotation based validation mechanism?

technology security

Struts 1.1
Struts 1.2
Struts 2
JSF

Answer

Correct Option: C

Question 10

Sequences are accessed using

technology platforms and products

Prevval
Currval
Newval
Lastval

Answer

Correct Option: B

Tag: technology

Questions Related to technology