Tag: security

Questions Related to security

Which of the following is not an web application vulnerability ?
technology security

  1. Invalidated input

  2. Cross site scripting (XSS)

  3. Use of firewall for content verification

  4. web sever misconfiguration

Show answer
Correct Option: C

Which piece of information is most likely to be gleaned from html source code?
technology security

  1. Directory structures

  2. Facility security measures

  3. Alarm codes

  4. Password policy

Show answer
Correct Option: A

Web applications that handle sensitive information employ appropriate communication protocols to encrypt the data in transit. Which one of the following communication protocols encrypts data during transit
technology security

  1. HTTP 1.1

  2. HTTP 1.0

  3. SSL/TLS

  4. HTTP Keep-Alive

Show answer
Correct Option: C

Refer URL : http://www.testrun.com/login.aspx?id=' OR 1=1- . Which type of attack refered in this URL

technology security

  1. Cross Site Scripting (XSS)

  2. Buffer Overflow

  3. SQL Injection

  4. Cross Site Request Forgeries (CSRF)

Show answer
Correct Option: C

Which of the following is not a security mechanism
technology security

  1. Defence

  2. Dumpster Diving

  3. Deterrence

  4. Detection

Show answer
Correct Option: B

Which of the following best describes the purpose of using disclaimers

technology security

  1. Make user aware of his obligation and establish accountability for his action

  2. Publish organizations policies

  3. Showcase organization's technological advancements

  4. Detect any intrusion into internal network of the organization

Show answer
Correct Option: A

AI Explanation

To answer this question, you need to understand the purpose of using disclaimers.

Option A) Make user aware of his obligation and establish accountability for his action - This option is correct because the purpose of using disclaimers is to inform users of their obligations and establish accountability for their actions. Disclaimers typically outline the terms and conditions of use, any limitations or liabilities, and any legal or regulatory obligations that users must adhere to.

Option B) Publish organizations policies - This option is incorrect because while disclaimers may mention or refer to organizational policies, their primary purpose is not to publish policies. Disclaimers focus more on informing users about their obligations and the limitations of the organization's liability.

Option C) Showcase organization's technological advancements - This option is incorrect because disclaimers are not typically used to showcase an organization's technological advancements. Disclaimers are more focused on providing legal and regulatory information to users.

Option D) Detect any intrusion into the internal network of the organization - This option is incorrect because detecting intrusions into the organization's internal network is not the purpose of using disclaimers. Disclaimers are more concerned with informing users about their obligations and establishing accountability.

The correct answer is A) Make user aware of his obligation and establish accountability for his action. This option is correct because it accurately describes the purpose of using disclaimers. Disclaimers are used to inform users of their obligations and establish accountability for their actions.

Which is the correct phase of SDLC to start aiming for a secure application as end result

technology security

  1. Go-Live (deployment to production)

  2. Support and Maintenance

  3. Requirement Gathering Phase

  4. Prototyping Phase

Show answer
Correct Option: C
Explanation:

To aim for a secure application as an end result, it is important to consider security from the beginning of the software development lifecycle (SDLC). Therefore, the correct phase of SDLC to start aiming for a secure application as an end result is the Requirement Gathering Phase.

Option A: Go-Live (deployment to production) - This phase involves releasing the software to the end-users. While security testing can be conducted during this phase, it is too late to start aiming for a secure application as an end result.

Option B: Support and Maintenance - This phase involves maintaining and improving the software after it has been deployed to the end-users. While security improvements can be made during this phase, the focus should be on maintaining the security of the existing software rather than starting from scratch.

Option C: Requirement Gathering Phase - This phase involves identifying the business requirements and goals of the software. It is important to consider security requirements during this phase to ensure that the software is designed with security in mind from the beginning.

Option D: Prototyping Phase - This phase involves creating a preliminary version of the software to test its functionality. While security testing can be conducted during this phase, the focus is on testing the software's functionality rather than securing it.

Therefore, the answer is: The Answer is: C.

Exception Handling refers to
technology security

  1. Identifying all possible erroneous inputs and managing how the application responds to them

  2. During application execution, if some special conditions are met, then a specific subroutine 'exception handler' is called

  3. Commercial runtime environments have tools that record debugging information from memory at the time of exception to provide 'root-cause' analysis information later.

  4. All of the above

Show answer
Correct Option: D
Explanation:

To answer this question, the user needs to have knowledge about exception handling in programming.

Option A is incorrect because identifying all possible erroneous inputs and managing how the application responds to them is a part of input validation. It is not the same as exception handling.

Option B is partially correct. During application execution, if some special conditions are met, then a specific subroutine 'exception handler' is called. Exception handling involves detecting errors that occur during the execution of a program and taking appropriate action to handle them. The "specific subroutine" is the exception handler which is executed when an exception is thrown.

Option C is also partially correct. Commercial runtime environments have tools that record debugging information from memory at the time of exception to provide 'root-cause' analysis information later. This tool is essential to debug errors and improve the quality of the software.

Option D is correct because all the options A, B, and C are correct explanations of exception handling.

Therefore, the answer is: D. All of the above.

It is not a good idea to include readymade code from google search into customer application deliverables even though it may save a lot of time and cost for the project because
technology security

  1. It may be copyrighted and not usable without explicit permission, payment or formal credit to creator

  2. It may carry spyware, backdoors or some form of malicious code

  3. It may breach the service agreement with customer if done without approval

  4. All of the above

Show answer
Correct Option: D
Explanation:

To answer this question, the user needs to understand the potential risks associated with using code from a Google search in customer application deliverables.

Now, let's go through each option and explain why it is right or wrong:

A. All of the above: This option is correct. All of the other options are valid reasons why it is not a good idea to use code from a Google search in customer application deliverables.

B. It may be copyrighted and not usable without explicit permission, payment or formal credit to creator: This option is correct. Code found through a Google search may be protected by copyright, and unauthorized use could lead to legal issues.

C. It may carry spyware, backdoors or some form of malicious code: This option is correct. Code found through a Google search may contain hidden malicious code that could compromise the security of the application or the user's data.

D. It may breach the service agreement with customer if done without approval: This option is correct. Using code from a Google search without proper approval could violate the terms of the service agreement with the customer.

Therefore, the answer is: A. All of the above.

Which is a common web server vulnerability?

technology security

  1. Limited user accounts

  2. Default installation

  3. Open shares

  4. No directory access

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to know about common web server vulnerabilities. The user must identify the vulnerability among the given options.

Now, let's go through each option and explain why it is right or wrong:

A. Limited user accounts: This option is not a common web server vulnerability. Limited user accounts may prevent unauthorized access to the web server, which is actually a security feature.

B. Default installation: This option is a common web server vulnerability. Many web servers are configured with default settings, which may include default user accounts, passwords, and configurations. Attackers can exploit these vulnerabilities to gain unauthorized access to the web server.

C. Open shares: This option is not a common web server vulnerability. Open shares are more often associated with file servers and network shares, rather than web servers.

D. No directory access: This option is not a common web server vulnerability. No directory access may prevent unauthorized access to sensitive directories on the web server, which is actually a security feature.

The Answer is: B