Tag: security

Questions Related to security

Which among the below is a browser based HTTP tampering tool for Firefox browser?
technology security

  1. LiveHTTPHeaders

  2. Sqlninja

  3. Bobcat

  4. WebGoat

Show answer
Correct Option: A

What product among the below can be used as a static code analyzer?
technology security

  1. Ounce

  2. WebInspect

  3. IBM RAD

  4. None of the above

Show answer
Correct Option: A

Which product among the below can be used as a penetration testing tool?
technology security

  1. Ounce

  2. DevInspect

  3. AppScan

  4. FXCop

Show answer
Correct Option: C

What is OWASP WebGoat?
technology security

  1. Web Proxy

  2. XSS Scanner

  3. An insecure J2EE web application

  4. None of the above

Show answer
Correct Option: C

The principle of least privilege as it applies to Access control mandates that:
technology security

  1. Group based access control should be implemented to assign permissions to application users

  2. Consistent authorization checking should be performed on all application pages

  3. A set of all allowable actions should be defined for each user role and all other's denied

  4. All failed access authorization requests should be logged to a secure location for review by administrators

Show answer
Correct Option: C

The ASAP process can applied at which phase of an application development for best results?
technology security

  1. During testing

  2. During development

  3. During all phases of development starting with requirement analysis and ending with rollout

  4. During design

Show answer
Correct Option: C

In the ASAP process what is the main activity carried out in the requirement analysis phase?
technology security

  1. Capture the customer requirements

  2. Update the project plan

  3. Capture and update the URS and SRS with security requirements for the project

  4. None of the above

Show answer
Correct Option: C

Who has the responsibility for remediation of the security vulnerabilities discovered during application security testing?
technology security

  1. ASAP Team

  2. Development Team

  3. Testing Team

  4. Project Management

Show answer
Correct Option: B

What are the different types of engagement models available for ASAP?
technology security

  1. Time and Money, Fixed price

  2. Offshore, Onshore, Offshore-Onshore

  3. Full-Fledged, Staggered, Fast Track

  4. None of the above

Show answer
Correct Option: C

As part of ASAP what type of analysis is performed during the design and build phase?
technology security

  1. Dynamic code analysis

  2. Static code analysis

  3. Both

  4. None

Show answer
Correct Option: B