Tag: technology

Questions Related to technology

Select a tool that is used for Web services enumeration, scanning and fuzzing
technology security

  1. The Scrutinizer

  2. Wschess from Netsquare

  3. SWAAT

  4. Peach Fuzzer

Show answer
Correct Option: B

Select a tool that is used for SQL injection scanning
technology security

  1. SQLiX

  2. WebScarab

  3. ParosProxy

  4. NMAP

Show answer
Correct Option: A

Which one is a Software Security Requirement gathering tool
technology security

  1. Assent

  2. Consult

  3. Masketeer

  4. SQUARE

Show answer
Correct Option: D

Implementing a CAPTCHA can protect you against what types of attacks ?
technology security

  1. SQL Injection

  2. Bufer Overflow

  3. Brute Force Attacks

  4. None of the above

Show answer
Correct Option: C

What would you use LOIC (Low Orbit Intensity Cannon) for?
technology security

  1. SQL Injection

  2. CSRF

  3. Path Manipulation

  4. Denial of Service

Show answer
Correct Option: D

ASLR(Address Space Layout Randomization) and DEP (Data Execution Prevention) can be effective countermeasures against ?

technology security

  1. Server Misconfigurations

  2. Buffer Overflow

  3. Brute Force Attacks

  4. None of the above

Show answer
Correct Option: C

AI Explanation

To answer this question, you need to understand what ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) are and what types of attacks they are effective against. Let's go through each option to understand why it is correct or incorrect:

Option A) Server Misconfigurations - ASLR and DEP are not specifically designed to counter server misconfigurations. Although they can add an extra layer of security, they are not primarily targeted at addressing misconfigurations.

Option B) Buffer Overflow - This option is incorrect. ASLR and DEP are specifically designed to counter buffer overflow attacks. ASLR randomizes the memory layout, making it difficult for an attacker to predict the location of certain functions or variables. DEP prevents the execution of code in certain regions of memory, making it harder for an attacker to exploit a buffer overflow vulnerability.

Option C) Brute Force Attacks - This option is incorrect. ASLR and DEP are not designed to counter brute force attacks. Brute force attacks involve trying all possible combinations of passwords or encryption keys until the correct one is found. ASLR and DEP do not directly address this type of attack.

Option D) None of the above - This option is incorrect. ASLR and DEP are effective countermeasures against buffer overflow attacks.

The correct answer is B) Buffer Overflow. This option is correct because ASLR and DEP are designed to counter buffer overflow attacks by randomizing memory layout and preventing the execution of code in certain regions of memory, respectively.

Tina is working on a multi threaded application.The users of the application can specify the duration for which the threads may be put to sleep.If Tina does not perform any input validation,she is most likely to expose her code to ?
technology security

  1. Session Fixation

  2. Cross Side Scripting

  3. Denial of Service

  4. SQL Injection

Show answer
Correct Option: C

Cross site scripting is a type of attack where:

technology security

  1. Attacker changes the privilege level through a script

  2. Attacker uploads a message that contains client side code that attacks anyone that reads it.

  3. A script is run at the attackers machine

  4. None of the above

Show answer
Correct Option: B

It is a good programming practice to prevent Caching of sensitive data at client or proxies by implementing:

technology security

  1. "Cache-Control: do not-cache, do not save"

  2. "Cache-Control: do not-save, do not store"

  3. "Cache-Control: no-cache, no store"

  4. "Cache-Control: do not cache"

Show answer
Correct Option: C
Explanation:

To solve this question, the user needs to know about caching and how to prevent sensitive data from being cached on clients or proxies.

Option A: "Cache-Control: do not-cache, do not save" - This option is not entirely correct. Although the "do not-cache" directive will prevent the client or proxy from caching the data, there is no "do not save" directive in the Cache-Control header field.

Option B: "Cache-Control: do not-save, do not store" - This option is incorrect. There is no "do not-save" or "do not store" directive in the Cache-Control header field.

Option C: "Cache-Control: no-cache, no store" - This option is correct. The "no-cache" directive indicates that the client or proxy should not use a cached copy of the data for subsequent requests, but it should revalidate the data with the origin server. The "no-store" directive indicates that the client or proxy should not store the data in any form of cache. Together, these directives ensure that sensitive data is not cached on the client or proxy.

Option D: "Cache-Control: do not cache" - This option is not entirely correct. The "do not cache" directive will prevent the client or proxy from caching the data, but it does not prevent the data from being stored in other forms of cache.

Therefore, the correct answer is:

The Answer is: C

Which is not a component of IIS application ?
technology security

  1. FTP

  2. Common files

  3. Background Intelligent Transfer Service (BITS)

  4. All of the choices are component of IIS

Show answer
Correct Option: D