Tag: security

Questions Related to security

The difference between a GET and a POST request is
technology security

  1. It does not matter, the web serve will treat all GET requests as POST requests

  2. The information in a POST request cannot be manipulated. It is possible to change a GET request

  3. A GET request is sent when requesting information; A POST request is sent when sending information

  4. The data is sent in the body of the POST request and in the URL in a GET request

Show answer
Correct Option: D

In order to avoid information disclosure error messages containing stack traces, specific application information should be

technology security

  1. Sent to the user in a hidden field so that tech support can retrieve the information later

  2. Destroyed if it occurs to minimize the chances that this information might be inadvertently disclosed

  3. Logged on the server side

  4. A and C

Show answer
Correct Option: C

Which form of accountability should be used

technology security

  1. Accounts for each user

  2. Account for each group of users

  3. Accounts for each business unit

  4. None of the above

Show answer
Correct Option: A

What is suggested as the leading practice for the maximum length of time before users are forced to change their passwords?
technology security

  1. 60 days

  2. 180 days

  3. 120 days

  4. 90 days

Show answer
Correct Option: D

Leaving comments in HTML source code when an application leaves the development environment

technology security

  1. Is a good programming practice

  2. Is very useful during code reviews

  3. Is the recommended practice for secure code maintenance

  4. May give the attacker valuable information to perform an exploit

Show answer
Correct Option: D

Which of the following is true?

technology security

  1. Servers are generally configured in a secure manner when they are first installed

  2. It is impossible to securely configure a web server

  3. Out of the box settings normally meet what is called minimum baseline security standards

  4. The default settings on web servers are not generally secure

Show answer
Correct Option: D

Which of the following is NOT recommended for securing Web Applications against malicious users?
technology security

  1. Filtering data with a default deny regular expression

  2. Running the application with the least privilege necessary

  3. Client side data validation

  4. Retrieving data from database using pre-compiled stored procedures

Show answer
Correct Option: C

Phishing attacks are successful when

technology security

  1. The web server is not patched

  2. The attack entices a user to perform a certain action

  3. Users do not patch their machines

  4. Users share email accounts

Show answer
Correct Option: B

How to stop forceful browsing?

technology security

  1. Check authorization on each page

  2. Name files with un-guessable names

  3. Place all accessible files in the same directory

  4. ACL's on the web root

Show answer
Correct Option: A

Extra parameters which are currently not used in the application

technology security

  1. Is necessary to check some functionalities during the testing and production support

  2. May lead to security breaches

  3. Do not consume significant bandwidth and so can be allowed in the application

  4. Is necessary in case the application needs a future addition

Show answer
Correct Option: B