Tag: technology

Questions Related to technology

Name the attack:Attacker manipulates the cookie parameter
technology security

  1. Web cache poisoning

  2. Account Harvesting

  3. Eaves dropping

  4. Cookie Poisoning

Show answer
Correct Option: D

Name the query language for reading XML document

technology security

  1. Xpath

  2. XmlReader

  3. SQL

  4. xmlPlus

Show answer
Correct Option: A
Explanation:

To read XML documents, the query language used is XPath.

Option A is correct because XPath is a query language used to navigate and select elements and attributes in an XML document. It provides a syntax for addressing specific parts of an XML document, similar to how directories and files are addressed in a file system.

Option B, XmlReader, is incorrect because XmlReader is a .NET class used to read XML documents, but it is not a query language. It provides a way to read XML data sequentially and extract information from it.

Option C, SQL, is incorrect because SQL is a query language used to interact with relational databases, not XML documents.

Option D, xmlPlus, is incorrect because there is no such query language with that name for reading XML documents.

Therefore, the answer is: A. XPath

Which one is not a counter measure for log tampering
technology security

  1. Digitally signed and stamped logs

  2. Log file Read/write privilege is controlled by System administrator

  3. Separate logs for system events

  4. Transaction log for all application events

Show answer
Correct Option: B

DMZ is a

technology security

  1. DMZ is the place where customers servers are deployed.

  2. DMZ is an area where all the protocols are allowed to pass through.

  3. semi trusted network zone that separates the untrusted internet from the companys trusted internal network

  4. DMZ is cyber warfare terminology

Show answer
Correct Option: C

AI Explanation

To answer this question, we need to understand what a DMZ (Demilitarized Zone) is.

Option A) DMZ is the place where customers servers are deployed - This option is incorrect. While it is true that servers can be deployed in a DMZ, a DMZ itself is not specifically for customer servers.

Option B) DMZ is an area where all the protocols are allowed to pass through - This option is incorrect. A DMZ does not allow all protocols to pass through. It is designed to allow only specific protocols or services that are necessary for external communication.

Option C) A semi-trusted network zone that separates the untrusted internet from the company's trusted internal network - This option is correct. A DMZ is a network segment that acts as a buffer zone between an organization's trusted internal network and the untrusted external network (such as the internet). It is designed to provide an additional layer of security by isolating externally accessible services from the internal network.

Option D) DMZ is cyber warfare terminology - This option is incorrect. While the term "DMZ" may be used in the context of cyber warfare, in the context of computer networks, a DMZ refers to a specific network configuration.

The correct answer is C) A semi-trusted network zone that separates the untrusted internet from the company's trusted internal network. This option is correct because it accurately describes the purpose and function of a DMZ.

Cookie value gets submitted during POST submit of HTML FORM

technology security

  1. SQL Injection

  2. Cross site request forgery

  3. Session fixation

  4. session hijack

Show answer
Correct Option: C
Explanation:

To solve this question, the user needs to know about common web application vulnerabilities and their characteristics.

The correct answer is: C. Session fixation

Option A, SQL Injection, is incorrect because it is a type of attack that targets the database layer of a web application, not the HTTP protocol layer that handles form submissions.

Option B, Cross Site Request Forgery (CSRF), is incorrect because it involves tricking a user into submitting a form on a different website that performs an action on the user's behalf on a target website, not manipulating the values submitted within a form on the same website.

Option D, Session Hijacking, is incorrect because it involves stealing or guessing a user's session ID to impersonate them on a web application, not manipulating the values submitted within a form.

Option C, Session Fixation, is the correct answer. Session fixation is a type of attack where an attacker sets a user's session ID before the user logs in, then waits for the user to authenticate with that ID. Once the user logs in, the attacker can use the known session ID to access the user's session and perform actions on their behalf. In this case, the attacker could set a cookie value in the HTML form submission and then use that value to access the user's session.

Password complexity check should be implemented where?

technology security

  1. Client side only

  2. server side only

  3. Both client and server side

  4. In the SQL procedure

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand the concept of password complexity and where it should be implemented.

Option A) Client side only - This option is incorrect because implementing password complexity checks only on the client side is not sufficient. Client-side checks can be easily bypassed, as the client-side code can be modified or manipulated by the user.

Option B) Server side only - This option is correct because implementing password complexity checks on the server side is the most secure approach. It ensures that the checks are enforced and cannot be bypassed by the client.

Option C) Both client and server side - This option is incorrect because while implementing password complexity checks on both the client and server side might provide an additional layer of security, it is not necessary. The server-side checks are sufficient to enforce password complexity requirements.

Option D) In the SQL procedure - This option is incorrect because implementing password complexity checks in the SQL procedure is not recommended. The SQL procedure should be responsible for database operations and not for enforcing password complexity rules.

The correct answer is B) Server side only. This option is correct because implementing password complexity checks on the server side ensures that the checks are enforced and cannot be bypassed by the client.

While using "Forgot Password" feature by user to recover the password, what should be checked first
technology security

  1. whether the credentials provided are valid and correct

  2. whether account is already disabled

  3. whether account is locked

  4. whether the CAPTCHA values entered by the user same as what is in the image

Show answer
Correct Option: B

Which tool can be used for Threat Modeling
technology security

  1. HP Web Inspect

  2. Nessus

  3. Open Vas

  4. TAM

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to understand what Threat Modeling is and what tools can be used for it.

Threat Modeling is a process of identifying potential security threats and vulnerabilities in an application or system. It helps to find security weaknesses early in the development cycle, reducing the risk of costly security breaches in the future.

Now, let's go through each option and explain why it is right or wrong:

A. HP Web Inspect: HP Web Inspect is a web application security scanner that can help identify vulnerabilities in web applications. However, it is not a tool that is typically used for threat modeling.

B. Nessus: Nessus is a popular vulnerability scanner that can help detect and report potential security issues. While it can be used as part of a threat modeling process, it is not specifically designed for threat modeling.

C. Open Vas: OpenVAS is an open-source vulnerability scanner that can help identify vulnerabilities in networks and systems. While it can be used as part of a threat modeling process, it is not specifically designed for threat modeling.

D. TAM: TAM (Threat Agent Modeling) is a structured approach to identifying potential threats to a system or application. It is a tool that can be used for threat modeling, as it helps identify and prioritize potential threats based on the likelihood and impact of each threat.

Therefore, the correct answer is: D. TAM

Name the attack: A software that uses a security hole to carry out an attack before the developer knows about the vulnerability.
technology security

  1. Zero day

  2. Unknown

  3. stealth

  4. Trojan

Show answer
Correct Option: A
Explanation:

To answer this question, the user needs to have knowledge about cybersecurity and different types of attacks. The attack described in the question is a type of cyber attack that exploits a vulnerability before the developer is aware of it.

Option A is correct. This type of attack is called a "zero-day" attack. It refers to an attack that exploits a security vulnerability that the developer or vendor is unaware of and has not had time to patch. Zero-day attacks are particularly dangerous because they can be used to gain unauthorized access to systems or steal sensitive data without being detected.

Option B is incorrect because "unknown" is too broad of a term to refer to a specific type of attack.

Option C is incorrect because "stealth" is a term used to describe the ability of an attack to remain undetected. While zero-day attacks can certainly be stealthy, "stealth" is not the specific term used to describe this type of attack.

Option D is incorrect because a Trojan is a specific type of malware that disguises itself as a legitimate program in order to gain access to a system. While a Trojan can certainly be used in a zero-day attack, the two terms are not interchangeable.

Therefore, the correct answer is:

The Answer is: A. Zero day

Name the attack: Hacker sends an e-mail that claims you have won a prize and all you have to do is click this link to claim your prize.
technology security

  1. session hijacking

  2. XSS

  3. HTTP Response splitting

  4. HTML Injection

Show answer
Correct Option: B