Tag: science & technology

Questions Related to science & technology

Multiple choice general knowledge science & technology
  1. Weak Security Configuration

  2. Cross Site Request Forgery

  3. Weak Protection of Transportation Layer

  4. Cross Site Scripting

Reveal answer Fill a bubble to check yourself
A Correct answer
Explanation

Exception stack traces exposed to users reveal internal system details: file paths, database schemas, software versions, and potential vulnerabilities. Attackers use this information for targeted attacks. This is a clear case of Security Misconfiguration (specifically, Weak Security Configuration). Proper error handling should show generic messages to users.

Multiple choice general knowledge science & technology
  1. Cross Site Request Forgery

  2. Insecure Cryptographic Storage

  3. Security Misconfiguration

  4. Unvalidated Redirects and Forwards

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Security Misconfiguration includes leaving default configurations unchanged: default admin accounts, default passwords, demo pages, or unused services installed. Attackers know these defaults and use them to gain unauthorized access. The scenario describes exactly this - default admin console with default credentials unchanged.

Multiple choice general knowledge science & technology
  1. Failure to Restrict URL Access

  2. Unvalidated Redirects and Forwards

  3. Cross Site Request Forgery

  4. Insecure Cryptographic Storage

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

Using strong hashing algorithms with salts prevents Insecure Cryptographic Storage. Salting adds uniqueness to each password, preventing rainbow table attacks. Strong hashing (bcrypt, scrypt, Argon2) resists brute-force attacks. Without these, stolen password databases can be easily cracked, leading to credential theft.

Multiple choice general knowledge science & technology
  1. Insecure Cryptographic Storage

  2. Failure to Restrict URL Access

  3. Insufficient Transport Layer Protection

  4. Unvalidated Redirects and Forwards

Reveal answer Fill a bubble to check yourself
A Correct answer
Explanation

This is a classic Insecure Cryptographic Storage scenario. Encrypting data is useless if the decryption key is stored alongside the encrypted data. When the backup tape is stolen, the attacker has both the encrypted data and the key to decrypt it. Keys must be stored separately, preferably in a secure key management system.

Multiple choice general knowledge science & technology
  1. Failure to Restrict URL Access

  2. Cross Site Scripting

  3. Broken Authentication and Session Management

  4. Insufficient Transport Layer Protection

Reveal answer Fill a bubble to check yourself
A Correct answer
Explanation

Failure to Restrict URL Access happens when applications don't verify authorization for every page request. Attackers can simply guess or manipulate URLs (like /admin, /user/profile/123) to access privileged functionality. The scenario describes this exactly - an authorized user changes URL to access unprotected privileged pages.

Multiple choice general knowledge science & technology
  1. Insufficient Transport Layer Protection

  2. Unvalidated Redirects and Forwards

  3. Failure to Restrict URL Access

  4. Injection

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

The deny-by-default approach prevents Failure to Restrict URL Access by ensuring no page is accessible without explicit authorization. This is a defense-in-depth strategy where developers must explicitly grant access rather than accidentally leave pages unprotected. It prevents attackers from accessing unprotected pages through URL manipulation.

Multiple choice general knowledge science & technology
  1. Require SSL for all sensitive pages. Non-SSL requests to these pages should be redirected to the SSL page

  2. A strong application architecture that provides good separation and security between components

  3. Use of Whitelist or Parameterized API

  4. All of the Above

Reveal answer Fill a bubble to check yourself
A Correct answer
Explanation

Not using SSL for authenticated pages allows attackers on the network to intercept session cookies (sniffing). Requiring SSL for all sensitive pages encrypts traffic, preventing cookie theft. The scenario describes Insufficient Transport Layer Protection. Requiring SSL and redirecting non-SSL requests is the correct defense.

Multiple choice general knowledge science & technology
  1. Injection

  2. Cross Site Request Forgery

  3. Unvalidated Redirects and Forwards

  4. Failure to Restrict URL Access

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Using mapping values instead of actual URLs prevents Unvalidated Redirects and Forwards. Instead of redirecting to user-supplied URLs, the application uses those values as keys to look up allowed destinations. This prevents attackers from crafting malicious redirect URLs to phishing sites. The mapping acts as a whitelist.

Multiple choice general knowledge science & technology
  1. Study of nose

  2. Study of Rain

  3. Study of Rhinos

  4. Art of shading

Reveal answer Fill a bubble to check yourself
A Correct answer
Explanation

Rhinology is the medical specialty focused on the study and treatment of the nose and sinuses. ENT specialists who focus on nasal disorders are rhinologists.