Tag: security

Questions Related to security

Which HTTP method suits best for sending the form field data from a web browser to the server as a best practice?
technology security

  1. GET

  2. POST

  3. PUT

  4. TRACE

Show answer
Correct Option: B

A web application security requirement stated that it must not behave differently under similar circumstances and should promise a consistent functionality even when overloaded or a tampering is attempted. The requirement is of:
technology security

  1. CONFIDENTIALITY

  2. INTEGRITY

  3. AVAILABILITY

  4. ACCOUNTABILITY

Show answer
Correct Option: B

Which of the following is not a possible outcome of SQL injection vulnerability?
technology security

  1. Denial of Service

  2. Data Manipulation

  3. Authentication bypass

  4. Directory Listing and Traversal

Show answer
Correct Option: D

If a user is able to access the privileges of higher roles than the role he has actually been assigned, he does so by intercepting and changing the values of the parameters that are sent by a browser to the server. In the case select the weakness that fits best in this scenario.
technology security

  1. HTTP methods such as OPTIONS, PUT, and DELETE are enabled on the web server

  2. Lack of sufficient client side validation

  3. Lack of sufficient server side validation

  4. Lack of exception handling

Show answer
Correct Option: C

What is the best way to mitigate a Cross Site Scripting while enabling the special characters such as javascript tags to be displayed on the web browser without actually being executed?
technology security

  1. URL/HTML encoding

  2. Blacklisting

  3. Whitelisting

  4. Parameterized SQL queries in application code/configuration

Show answer
Correct Option: A

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is primarily for:
technology security

  1. Distinguishing a computer from a human, primarily to restrict the access

  2. Supporting multifactor authentication

  3. Provide a secure channel for client server communication

  4. Providing a friendly interface between human and computers

Show answer
Correct Option: A

A website currently allows a user to download the website’s backup file stored in one of the hidden folders due to vulnerability. In this context which of the following could be associated with it?
technology security

  1. Input Validation

  2. Configuration Management/Insecure Configuration

  3. Error Handling

  4. Denial of Service

Show answer
Correct Option: B

A user performs a high volume financial transaction through a bank website; however after that action the user denies that he has performed the transaction. What threat classification does this scenario relate to?
technology security

  1. Spoofing

  2. Tampering

  3. Repudiation

  4. Denial of Service

Show answer
Correct Option: C

A session ID is required for a client server communication after an authentication since HTTP is a:
technology security

  1. STATEFUL protocol

  2. STATELESS protocol

  3. Protocol for file transfer

  4. Post Office Protocol

Show answer
Correct Option: B

A SQL Injection vulnerability can be best mitigated by using:
technology security

  1. SSL/TLS Implementation

  2. URL/HTML Encoding

  3. Using parameterized queries

  4. Configuring web server to restrict directory listing

Show answer
Correct Option: C