Tag: security

Questions Related to security

Choose the correct answer: ... Statement stmt = conn.createStatement (); ResultSet rs = stmt.executeQuery (); stmt.close (); conn.close(); ...

technology security

  1. Code is vulnerable as Resource is not released in the “finally” block

  2. Code is vulnerable as Resource is not released at all

  3. Code has no vulnerability

  4. Option 1 AND Option 2

Show answer
Correct Option: A

Choose the correct answer: a. HTTP PUT & DELETE method can be disabled in web.xml from the below code: Disallowed Location /* PUT DELETE b. HTTP PUT & DELETE methods are disabled by default on many web server c. HTTP PUT & DELETE methods should not be disabled d. HTTP PUT & DELETE methods cannot be disabled

technology security

  1. a

  2. b

  3. c

  4. d

  5. Option 1 AND Option 2

Show answer
Correct Option: E

From security view point what is problem with code below try { //code to do IO operations return var1; } Catch(Exception e) { return var2; } finally{ return var3; }
technology security

  1. It is returning a value in finally block

  2. It is catching Exception

  3. OPTION 1 AND Option 2

  4. Nothing is wrong

Show answer
Correct Option: C

Whill this code result in DoS situation? public void dummyFunction(){ try { //open a connection to database //transaction with database closeConnection(); } catch(SQLException e){ //Exception handling block } } closeConnection() is a function which releases all database resources opened by current function.
technology security

  1. True

  2. False

Show answer
Correct Option: A

Analyse following code public void dummyFunction(String var1,String var2){ try{ Connection con=getConnection(); String query=”select * from table1 where col1=”+var1 +”and col2=”+var2; Statement st=conn.createStatement(); ResultSet rs=st.executeQuery(query); …… ….. } catch(Exception e) { } } var1 and var2 are inputs from user directly passed to this functions.
technology security

  1. Vulnerable to SQL Injection

  2. Vulnerable to DoS

  3. Vulnerable to Information Disclosure

  4. Code is secure

Show answer
Correct Option: D

Fnction below is used to read file from a directory on the filesystem. This code runs with read only OS level privilege on this directory. fileName is parameter from user directly passed to this function. public void dummyFunction(String fileName){ FileInputStream fis = new FileInputStream(fileName); // code to read file content only, no write modify or delete } Identify correct answer

technology security

  1. Security is handled at OS level by giving only read level privilege so no need to put an extra check here

  2. Only problem here is that fileName may not be syntactically incorrect so it should be validated before using it in the function

  3. This code can lead to information disclosure attack

  4. Java provides enough security by default for IO operations so this code is not vulnerable.

Show answer
Correct Option: C

Please select which of the following statements are NOT true regarding the AccessController class? a. Can be used to mark code as being "privileged", thus affecting subsequent access determinations b. Can be to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect c. Can be used to obtain a "snapshot" of the current calling context d. Can be used to compute a cryptographically secure hash

technology security

  1. a

  2. b

  3. c

  4. d

Show answer
Correct Option: D

Which of the following API's associates a Subject with the thread of execution?
technology security

  1. Subject.doAs()

  2. AccessController.checkPermission()

  3. SecurityManager.checkAccess()

  4. None of the above

Show answer
Correct Option: A

Please select which of the following statements regarding Java 2 Security is TRUE?

technology security

  1. The type safety mechanism in the Java language prevents the execution of malicious code

  2. Two classes with the same fully qualified name but which are defined by different instances of a class loader are NOT of the same type

  3. All signed classes are implicitly trusted and granted full access

  4. The principal role of a TrustManager is to determine if presented authentication credentials should be trusted

  5. Option 1 AND Option 4

  6. Option 2 AND Option 4

Show answer
Correct Option: F

Which of the following is a command line tool for managing the public and private keys stored in a keystore?
technology security

  1. securitymanager

  2. policytool

  3. jarsigner

  4. keystore

  5. None of the above

Show answer
Correct Option: E