Tag: security

Questions Related to security

Which among the below is the correct way to safely encode the URL "/admin/findUser.do?name=" + request.getParameter( "dangerousInput" )
technology security

  1. String safeURIToDisplay= "/admin/findUser.do?name=" + TCSSAPI.encoder().encodeForJavaScript(request.getParameter( "dangerousInput"));

  2. String safeURIToDisplay = TCSSAPI.encoder().encodeForURL( "/admin/findUser.do?name=" + request.getParameter( "dangerousInput" ) );

  3. String safeURIToDisplay= "/admin/findUser.do?name=" + com.tcs.sapi.io.ValidationUtil.encodeForURL(request.getParameter( "dangerousInput"));

  4. None of the above

Show answer
Correct Option: C

Whats the use of adding the CSRF Token to the urls?
technology security

  1. Prevent Cross Site Scripting

  2. Prevent Cross Site Request Forgery

  3. Prevent Cross Site Tracing

  4. None of the above

Show answer
Correct Option: B

What does isSecureRequest(HttpServletRequest request) method accomplish?
technology security

  1. It checks if the http request is made on an SSL channel

  2. It checks if the http method is a POST

  3. Both of the above

  4. None of the above

Show answer
Correct Option: C

What messages does an object of EnterpriseSecurityException class contain?
technology security

  1. Log Message which gets logged in the log file and not safe to display to users

  2. User Message which is safe to display to users

  3. Both of the above

  4. None of the above

Show answer
Correct Option: C

What exception is thrown by the security API when a user attempts to access a resource that they are not authorized for?
technology security

  1. SecurityException

  2. AccessException

  3. AuthenitcationException

  4. Exception

Show answer
Correct Option: A

What is the most common exception thrown by the validation methods in the security API?
technology security

  1. Validation Exception

  2. SecurityException

  3. Encoding Exception

  4. Encryption Exception

Show answer
Correct Option: B

The usage of setRememberToken is
technology security

  1. Generally recommended

  2. Generally not recommended

  3. Should always be used

  4. Should not be used at all

Show answer
Correct Option: B

What are the different levels of logging provided in the API?
technology security

  1. Trace, warn, error and fatal

  2. Trace, debug, info, warn, error and fatal

  3. Debug, info, error, fatal

  4. Debug, Warn, Error

Show answer
Correct Option: A

Which methods in the TCS SAPI can be used to prevent Cross Site Scripting Attacks?
technology security

  1. isSafeHTML(java.lang.String context, java.lang.String input, boolean allowNull) and encodeForHTML(java.lang.String input)

  2. isSafeHTML(java.lang.String context, java.lang.String input)

  3. SafeHTML(java.lang.String context, java.lang.String input)

  4. ValidHTML(java.lang.String context, java.lang.String input)

Show answer
Correct Option: A

What is the base class for all Security related exceptions in the security API?
technology security

  1. SecurityException

  2. EnterpriseException

  3. EnterpriseSecurityException

  4. None of the above

Show answer
Correct Option: C