Questions Related to security

Cross-Site Scripting is

  A. a mechanism for sharing scripts between two websites

  B. a code injection technique that exploits a security vulnerability occurring in the database layer of an application

  C. a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users

  D. a way to protect websites using JavaScript


Correct Option: C

SQL Injection is

  A. a code injection technique that exploits a security vulnerability occurring in the database layer of an application

  B. a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users

  C. a way to allow users to query a database over the web

  D. the latest way to fight database security issues


Correct Option: A

Cross-site request forgery

  A. is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users

  B. is an attempt to make a computer resource unavailable to its intended users by sending invalid/forged requests

  C. is a form of attack on a database-driven website in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet

  D. is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts


Correct Option: D

Denial of service

  A. is an action taken by a server when invalid credentials are supplied by users

  B. is an action taken by a firewall to prevent access by malicious users

  C. is an attempt to make a computer resource unavailable to its intended users

  D. is a way to prevent Cross-Site Scripting attacks


Correct Option: C

Social Engineering

  A. is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying)

  B. is a way to educate users about different security issues

  C. is a group formed by malicious users

  D. is a practice of engineering dealing with Social Security


Correct Option: A

The most effective way to protect credentials in transit

  A. is by using complex passwords

  B. is to encrypt the entire login transaction using something like SSL

  C. is by not using public/shared PCs

  D. is by sending credentials by the POST method


Correct Option: B

It's OK to put sensitive information in HIDDEN form fields; after all, they're hidden.

  A. True

  B. False


Correct Option: B

In what type of attack does an intruder manipulate a URL in such a way that the web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?

  A. cross-site scripting

  B. command injection

  C. path traversal attacks

  D. SQL injection


Correct Option: C

Encrypted data is not at risk from keyloggers.

  A. True

  B. False


Correct Option: B

Which of the following is NOT recommended for securing web applications against authenticated users?

  A. Client-side data validation

  B. Running the application under the least privileges necessary

  C. Filtering data with a default-deny regular expression

  D. Using parameterized queries to access a database


Correct Option: A

AI Explanation

To answer this question, you need to understand the various techniques used for securing web applications against authenticated users. Let's go through each option to understand why it is correct or incorrect:

Option A) Client-side data validation - This option is NOT recommended for securing web applications against authenticated users. Client-side data validation can easily be bypassed by attackers, as they have complete control over the client-side code and can send arbitrary requests directly to the server. Validation should always be performed on the server side to ensure the integrity and security of the application.

Option B) Running the application under least privileges necessary - This option is recommended for securing web applications against authenticated users. By running the application under the least privileges necessary, you limit the potential damage an attacker can do if they gain access to the application. This principle is known as the principle of least privilege.

Option C) Filtering data with a default-deny regular expression - This option is recommended for securing web applications against authenticated users. A default-deny (allowlist) regular expression accepts only the permitted characters and patterns and rejects everything else, so unexpected input never reaches the application logic. This helps prevent attacks such as SQL injection, cross-site scripting (XSS), and other input validation vulnerabilities.

Option D) Using parameterized queries to access a database - This option is recommended for securing web applications against authenticated users. Parameterized queries help prevent SQL injection attacks by separating the SQL code from the user-supplied input. This ensures that the input is treated as data and not as part of the SQL code.

The correct answer is A) Client-side data validation. This option is NOT recommended for securing web applications against authenticated users because it can easily be bypassed by attackers. Server-side validation is essential for ensuring the security and integrity of the application.