Tag: security

Questions Related to security

Failing to properly validate uploaded files could result in:
technology security

  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above

Show answer
Correct Option: A

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?

technology security

  1. Cross-Site Scripting

  2. Buffer over flows

  3. Command injection

  4. Path traversal attack

Show answer
Correct Option: A

Why is “Black List” input validation considered a weak validation method ?
technology security

  1. Because the validation settings are hard coded.

  2. Susceptible to bypass using various forms of character encoding

  3. Because it's difficult to implement a black list filter that also takes into account data sent using the POST method

  4. Because it is typically implemented using regular expressions to match known good data patterns

Show answer
Correct Option: B

Once an input data validation flags an input as “invalid” what would be the most secure response ?
technology security

  1. Escape the invalid characters and continue processing the input data

  2. Accept the input data without modifying it and log the validation error

  3. Delete the invalid characters and continue processing the input data

  4. Reject the entire input data and send an error message back to the user

Show answer
Correct Option: D

A Buffer over flow occurs when …
technology security

  1. The application does not have enough memory allocated to handle the large amount of input

  2. The Operating System does not have enough RAM to handle large amount of input

  3. The client does not have enough memory allocated to handle the large amount of input

  4. A variable in the program does not have enough memory allocated to handle the amount of input

Show answer
Correct Option: D

Web server will log which part of a GET request?
technology security

  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Show answer
Correct Option: B

How can we prevent dictionary attacks on password hashes ?
technology security

  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote your self so no one knows how it works

  4. Salting the hash

Show answer
Correct Option: D

Implementing Access Control based on a hard coded IP address
technology security

  1. Can be done as it as an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to understand the concept of access control and the potential risks associated with hard coding IP addresses.

Option A: Can be done as it is an internal IP

  • This option is partially correct. Internal IP addresses are typically static and can be hard coded for access control purposes within a private network. However, it is important to note that internal IPs can still be compromised by malicious actors who gain access to the network.

Option B: Can be done for internet-facing servers as there are no chances of IP conflicts

  • This option is incorrect. Internet-facing servers are exposed to a larger attack surface and are at risk of IP spoofing or IP address conflicts. Hard coding IP addresses for access control purposes can lead to security vulnerabilities and is generally not recommended.

Option C: Is a good security practice

  • This option is incorrect. While access control is an important security practice, hard coding IP addresses is not considered a good practice due to the potential risks involved, such as IP spoofing and IP conflicts.

Option D: Is a bad security practice

  • This option is correct. Hard coding IP addresses for access control purposes is generally not recommended as it can lead to security vulnerabilities. It is important to use more secure methods of access control, such as multi-factor authentication and role-based access control.

Therefore, the correct answer is: The Answer is D.

Temporary files
technology security

  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension

Show answer
Correct Option: C

What is the preferred medium for backing up log files ?
technology security

  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-R's

  4. None of the above

Show answer
Correct Option: C