Tag: security

Questions Related to security

Which are the default codecs supported to help encode characters to be safely used on OS command shells
technology security

  1. Unix Codec

  2. Windows Codec

  3. Unix and Windows Codec

  4. Linux Codec

Show answer
Correct Option: C

The security API supports codecs for SQL Strings of which of the following databases ?
technology security

  1. Oracle

  2. MySQL

  3. Both of the above

  4. Oracle, MySQL, Sybase, DB2

Show answer
Correct Option: C

What is the functionality of the seal() method ?
technology security

  1. Creates a seal that binds a set of data and includes an expiration timestamp

  2. Encodes the data

  3. Hashes the data

  4. Scrambles the data

Show answer
Correct Option: A

What method is provided within the security API to prevent caching by browsers and proxies?
technology security

  1. void setNoCacheHeaders(javax.servlet.http.HttpServletResponse response)

  2. void setNoCacheHeaders(javax.servlet.http.HttpServletRequest request)

  3. boolean setNoCacheHeader(javax.servlet.http.HttpServletResponse response)

  4. void setNoCacheHeaders(javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException

Show answer
Correct Option: A

Which method among the below could be used as a defense against Cross Site Request Forgery?
technology security

  1. encryptHiddenField(java.lang.String value)

  2. addCSRFToken(final java.lang.String href)

  3. verifySecureComm(javax.servlet.http.HttpServletRequest request)

  4. setSafeContentType(javax.servlet.http.HttpServletResponse response)

Show answer
Correct Option: B

Which set of security API methods could be used as the best defense against Cross Site Scripting?
technology security

  1. Input Validation and OutPut Encoding

  2. Authentication and Authorization

  3. Data Protection and Cryptography

  4. HTTP and Communication Security

Show answer
Correct Option: A

What is the signature of the sign method in the security API?
technology security

  1. java.lang.String sign(java.lang.String data, java.lang.String key) throws EncryptionException

  2. java.lang.String sign(java.lang.String data, java.lang.String key)

  3. java.lang.String sign(java.lang.String data)

  4. java.lang.String sign(java.lang.String data) throws SecurityException

Show answer
Correct Option: D

What is the signature of the seal method in the security API?
technology security

  1. java.lang.String seal(java.lang.String data,long timestamp) throws SecurityException

  2. java.lang.String seal(java.lang.String data,long timestamp) throws EncryptionException

  3. java.lang.String seal(java.lang.String data)

  4. java.lang.String seal(java.lang.String data) throws EncryptionException

Show answer
Correct Option: A

"SELECT name FROM users WHERE id = " + form.getUserID()"; Using TCS SAPI what is the best way to remediate the SQL injection vulnerability in the above query to an Oracle Database?
technology security

  1. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForOraSQL(validatedUserId);

  2. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForSQL(validatedUserId);

  3. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForSQL( new Codec(), validatedUserId);

  4. None of the above

Show answer
Correct Option: A

What is the best methodology to remediate the SQL Injection vulnerability in a Java based web application?
technology security

  1. Use the com.tcs.sapi.io.ValidationUtil.encodeForOraSQL(String input) method

  2. Use PreparedStatement constructs and use the setXXX methods on the PreparedStatement object

  3. Use the Java createStatement construct to execute the query

  4. Concatenate your SQL string together using dynamic input and create and execute a PreparedStatement object using that query

Show answer
Correct Option: B