Tag: security

Questions Related to security

Requirements for administrator authentication should be
technology security

  1. Equivalent to normal users

  2. Less than those of normal users as all administrators are trustworthy

  3. No authentication is required for administrators

  4. Greater than those of normal users

Show answer
Correct Option: D
Explanation:

To determine the requirements for administrator authentication, the user must understand the concept of administrator accounts and their privileges.

Admin accounts have higher privileges than normal user accounts and can perform tasks that can affect the entire system. Therefore, they require greater security measures to prevent unauthorized access and misuse of their privileges.

Option A is incorrect because the authentication requirements for administrators should be greater than those of normal users.

Option B is incorrect because all administrators cannot be considered trustworthy. They may intentionally or unintentionally cause harm or damage to the system.

Option C is incorrect because no authentication for administrators would pose a significant security risk and make the system vulnerable to attacks.

Option D is correct because administrators require greater authentication requirements to ensure that only authorized personnel can access their accounts and perform tasks that can affect the system.

Therefore, the answer is: D. Greater than those of normal users.

Account lockouts should
technology security

  1. Only be used on administrator accounts to ensure continuous access to users

  2. Only be used on user accounts to ensure that administrators are not locked out of the application

  3. Only be used when there is a secure process to unlock the account

  4. None of the above

Show answer
Correct Option: C

Hard Coding credentials
technology security

  1. Cannot be treated as a secure practice

  2. Is a good way to hide passwords from hackers

  3. Is perfectly fine for internal applications

  4. Is perfectly fine for external user facing applications

Show answer
Correct Option: A

Which languages are vulnerable to Cross Site Scripting attacks ?
technology security

  1. Java

  2. ASP.Net

  3. Perl

  4. All of the above

Show answer
Correct Option: D

With a successful format string attack against the web application, the attacker is able to …
technology security

  1. Read only certain memory areas using the %s token

  2. Write only certain areas using other tokens

  3. Read and write to memory at will

  4. None of the above

Show answer
Correct Option: C

What does “White List” data validation means?
technology security

  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above

Show answer
Correct Option: A

Failing to properly validate uploaded files could result in:
technology security

  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above

Show answer
Correct Option: A

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?
technology security

  1. Cross-Site Scripting

  2. Buffer over flows

  3. Command injection

  4. Path traversal attack

Show answer
Correct Option: A

Why is “Black List” input validation considered a weak validation method ?
technology security

  1. Because the validation settings are hard coded.

  2. Susceptible to bypass using various forms of character encoding

  3. Because it's difficult to implement a black list filter that also takes into account data sent using the POST method

  4. Because it is typically implemented using regular expressions to match known good data patterns

Show answer
Correct Option: B

Once an input data validation flags an input as “invalid” what would be the most secure response ?
technology security

  1. Escape the invalid characters and continue processing the input data

  2. Accept the input data without modifying it and log the validation error

  3. Delete the invalid characters and continue processing the input data

  4. Reject the entire input data and send an error message back to the user

Show answer
Correct Option: D