Tag: security

Questions Related to security

If an attacker submit multiple input parameters (query string, post data, cookies,etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation.This is the premise of
technology security

  1. HTTP Parameter Pollution

  2. Session Splitting

  3. Parameter Damage

  4. Parameter Busting

Show answer
Correct Option: A
Explanation:

To solve this question, the user needs to understand the concept of security vulnerabilities related to web applications.

The correct answer is A. HTTP Parameter Pollution.

Explanation:

HTTP Parameter Pollution (HPP) is a security vulnerability that arises when an attacker submits multiple input parameters of the same name to a web application. This can lead to unexpected behaviors on the server-side and client-side, which can then be exploited by attackers to achieve their goals.

Option B, Session Splitting, is not related to the given premise. Session Splitting is a technique used to distribute user sessions across multiple servers to improve performance and scalability.

Option C, Parameter Damage, is not a commonly used term in the field of web application security. It is not related to the given premise.

Option D, Parameter Busting, is not a commonly used term in the field of web application security. It is not related to the given premise.

Therefore, the correct answer is:

The Answer is: A. HTTP Parameter Pollution.

___________ is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages
technology security

  1. Clickjacking

  2. RoughJacking

  3. CyberJacking

  4. CrackJacking

Show answer
Correct Option: A
Explanation:

To solve this question, the user needs to have knowledge of web security and common malicious techniques used by hackers.

The technique described in the question is known as "Clickjacking", which is used to trick web users into clicking on a button or link that is disguised as something else, thereby revealing confidential information or taking control of their computer.

Now, let's go through each option and explain why it is right or wrong:

A. Clickjacking: This option is correct. Clickjacking is a malicious technique used by hackers to deceive web users into clicking on a disguised button or link, which results in the user revealing confidential information or giving control of their computer to the attacker.

B. RoughJacking: This option is incorrect. "RoughJacking" is not a known term in web security, and there is no evidence to suggest that it is a malicious technique used by hackers.

C. CyberJacking: This option is incorrect. "CyberJacking" is a broad term that can refer to a range of malicious activities, but it is not specific to the technique described in the question.

D. CrackJacking: This option is incorrect. "CrackJacking" is not a known term in web security, and there is no evidence to suggest that it is a malicious technique used by hackers.

Therefore, the correct answer is: A. Clickjacking.

What is a an Evercookie?
technology security

  1. Evercookie is a javascript API available that produces extremely persistent cookies in a browser

  2. Evercookie is a cookie anonymysing tool

  3. Evercookie is a FireFox Plugin

  4. Evercookie is a cookie pollution tool

Show answer
Correct Option: A

Which of the following is a valid crypto graphic attack
technology security

  1. Padding Oracle Attack

  2. Padding CBC Attack

  3. Oracle Lockback

  4. Padding Filter

Show answer
Correct Option: A

Strcpy(), strcat(), strncpy(), sprint(), gets() are all included in

technology security

  1. Safe APIs

  2. Banned APIs

  3. String APIs

  4. CAPIs

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand the purpose and characteristics of these functions.

Option A) Safe APIs - This option is incorrect because some of the functions mentioned, such as gets(), are considered unsafe and can lead to buffer overflow vulnerabilities.

Option B) Banned APIs - This option is correct because some of the functions mentioned, such as gets(), are considered unsafe and have been banned in modern programming practices due to security concerns.

Option C) String APIs - This option is incorrect because while some of the functions mentioned, such as strcpy(), strcat(), and strncpy(), are related to manipulating strings, not all of them fall into this category.

Option D) CAPIs - This option is incorrect because the term "CAPIs" is not commonly used to refer to these functions.

The correct answer is B) Banned APIs. This option is correct because some of the functions mentioned, such as gets(), have been banned in modern programming practices due to security vulnerabilities.

_________is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines
technology security

  1. MsCop

  2. FxCop

  3. RsCop

  4. DxCop

Show answer
Correct Option: B

Ollydbg is a popular
technology security

  1. Compiler

  2. Reverse Engineering tool

  3. Database Monitoring tool

  4. Macro Analyzer

Show answer
Correct Option: B

NOP sled technique is a popular
technology security

  1. Reverse Engineering Technique

  2. Buffer Overflow Attack Technique

  3. Log Analysing Technique

  4. Data Analysis Technique

Show answer
Correct Option: B