Tag: security

Questions Related to security

What is OWASP WebGoat?
technology security

  1. Web Proxy

  2. XSS Scanner

  3. An insecure J2EE web application

  4. None of the above

Show answer
Correct Option: C

Which of the following best describes the difference between white-box testing and black-box testing?
technology security

  1. White-box testing is performed by an independent programmer team

  2. Black-box testing uses the bottom-up approach

  3. Black-box testing involves the business units

  4. White-box testing examines the program internal logical structures

Show answer
Correct Option: D

Scanning underlying source code with a database of regular expressions to quickly identify suspicious code, application inputs, outputs etc primarily relates to ..
technology security

  1. Grey-box testing

  2. Black-box testing

  3. White-box testing

  4. None of these

Show answer
Correct Option: C

What is the difference between network vulnerability assessment and a penetration test?

technology security

  1. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities

  2. They are one and the same

  3. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities

  4. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities

Show answer
Correct Option: D

The three steps to successful patch management are …
technology security

  1. Acquiring, Testing, Installing

  2. Testing, Remediation, Peer Review

  3. Determine needs, Acquire resources, Install the patch

  4. Both A & B

Show answer
Correct Option: A

The correct way to disable autocomplete in the browser for certain forms is to ….
technology security

  1. Set autocomplete to “0”

  2. Set autocomplete to “Off”

  3. Set autocomplete to some other value

  4. Set autocomplete to “no-store”

Show answer
Correct Option: B

Credit card numbers should be logged into the log file during exception
technology security

  1. No. Because leads to insecure storage of private information of the customer

  2. Yes. Because it is a good logging practice to log all relevant information during an exception

  3. Yes. Because it will help in troubleshooting specific customer problems

  4. No. Because its an additional over head

Show answer
Correct Option: A

Web Service interfaces are prone to which of the following standard web application attacks ?
technology security

  1. SQL Injection

  2. Denial of Service

  3. XML Injection

  4. All of the above

Show answer
Correct Option: D

A race condition in a web server can cause …
technology security

  1. Resources to become unavailable to legitimate users

  2. Cross Site Tracing

  3. Server Instability

  4. Both A and B

Show answer
Correct Option: C

It is a leading practice to suppress detailed errors in the following places:
technology security

  1. Web Server configuration files

  2. Application configuration files

  3. Application error handlers

  4. All of the above

Show answer
Correct Option: D