Tag: security

Questions Related to security

Which of the following is true regarding reverse engineering of compiled Java code
technology security

  1. Java sand box environment provides protection against decompilation

  2. Java is compiled into ELF binaries and cannot be decompiled

  3. Java byte code can always be decompiled, code obfuscators can make the reverse engineering process more time confusing but cannot prevent it

  4. Java is difficult to decompile because the Just-In-Time compiler automatically perform string encryption by default

Show answer
Correct Option: C

Requirements for administrator authentication should be
technology security

  1. Equivalent to normal users

  2. Less than those of normal users as all administrators are trustworthy

  3. No authentication is required for administrators

  4. Greater than those of normal users

Show answer
Correct Option: D

Account lockouts should
technology security

  1. Only be used on administrator accounts to ensure continuous access to users

  2. Only be used on user accounts to ensure that administrators are not locked out of the application

  3. Only be used when there is a secure process to unlock the account

  4. None of the above

Show answer
Correct Option: C

Hard Coding credentials
technology security

  1. Cannot be treated as a secure practice

  2. Is a good way to hide passwords from hackers

  3. Is perfectly fine for internal applications

  4. Is perfectly fine for external user facing applications

Show answer
Correct Option: A

Configuration Management Security principles apply to
technology security

  1. Commercial applications

  2. Custom built applications

  3. In house developed applications

  4. All of the above

Show answer
Correct Option: D

Data hashing will
technology security

  1. Ensure that the data has not been tampered with

  2. Ensure that the session is valid

  3. Ensure that the user is valid

  4. All of the above

Show answer
Correct Option: A

A successful forced browsing attack indicates a vulnerability in

technology security

  1. The configuration management

  2. The session management

  3. The change management process

  4. The authorization process

Show answer
Correct Option: D

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) The configuration management - This option is incorrect because forced browsing attacks do not directly target configuration management. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths.

Option B) The session management - This option is incorrect because forced browsing attacks do not directly target session management. Forced browsing attacks focus on accessing unauthorized information, not manipulating session data.

Option C) The change management process - This option is incorrect because forced browsing attacks do not directly target the change management process. Forced browsing attacks involve accessing unauthorized directories or files, rather than exploiting weaknesses in the change management process.

Option D) The authorization process - This option is correct because a successful forced browsing attack indicates a vulnerability in the authorization process. Forced browsing attacks involve accessing unauthorized directories or files by manipulating URLs or paths. If the authorization process is not properly implemented, attackers can bypass access controls and gain unauthorized access to sensitive information.

The correct answer is D) The authorization process. This option is correct because forced browsing attacks exploit vulnerabilities in the authorization process, allowing unauthorized access to protected resources.

Which of the protocols can be used together?
technology security

  1. SOAP and SAML

  2. SOAP and HTTP

  3. SSL and SOAP

  4. All

Show answer
Correct Option: D

Administrative pages for websites should be protected by
technology security

  1. A mechanism that requires only a password

  2. Basic authentication

  3. 2/3 factor authentication

  4. A mechanism with no lock-out, to prevent accidentally denying legitimate access

Show answer
Correct Option: C

Which Scope contain data specific to a user session?
technology security

  1. Page Scope

  2. Session Scope

  3. Request Scope

  4. Application Scope

Show answer
Correct Option: B