Tag: testing

Questions Related to testing

Keywords used in SQL injection attacks (select more than one)

  1. CREATE

  2. UNION

  3. WHERE

  4. OR


Correct Option: B,D

Select the application types which could be affected by security threats (select more than one)

  1. Website with URL https

  2. Website with URL http

  3. Windows application

  4. Only Website with URL http & Windows application


Correct Option: A,B,C

  1. Buffer overflows

  2. SQL Injection

  3. Cross-site scripting

  4. Authentication

  5. Authorization


Correct Option: A,B,C

A cross-site scripting threat would be possible if the user input is echoed back to the user

  1. True

  2. False


Correct Option: B

Common threats in the application / system

  1. Denial of service

  2. Executing malicious content

  3. Information disclosure

  4. All of the above


Correct Option: D

Select the different modes of authentication to a web application (select more than one)

  1. Windows authentication

  2. SQL authentication

  3. Form-based authentication

  4. Basic authentication

  5. Passport authentication

  6. All of the above


Correct Option: A,C,D,E

Select the one which would lead to a SQL injection attack

  1. SqlDataAdapter myCommand = new SqlDataAdapter( "SELECT CustomerName, Email, PhoneNo FROM users WHERE cust_id = '" + txtuser.Text + "'", myConnection);

  2. CREATE PROCEDURE procGetUser @custId VARCHAR(5) AS SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @custId

  3. SqlDataAdapter myDataAdapter = new SqlDataAdapter("SELECT CustomerName, Email, PhoneNo FROM Customers WHERE cust_id = @cust_id", connection); myCommand.SelectCommand.Parameters.Add("@cust_id", SqlDbType.VarChar,

  4. All the above


Correct Option: A

Select the security best-practice techniques (select more than one)

  1. Provide highest privilege

  2. Encode all client-supplied data

  3. Use of parameterized stored procedures

  4. Providing detailed error messages


Correct Option: B,C,D