Resource summary
Question 1
Question
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Answers
- Secure Configuration
- Application Design
- Security Policies
- Code Logic Deviation
- Brand Image Damage
Question 2
Question
It is not a countermeasure for Cross-Site Scripting:
Answers
- Configure web browser to disable scripting
- Implement character encoding techniques for web pages such as ISO-8859-1 or UTF-8
- Use filter techniques that store and process input variables on the server
- Appropriately use GET and POST requests
- Use properly designed error handling mechanisms for reporting input errors
Question 3
Question
It is not a countermeasure for Cross-Site Request Forgery:
Answers
- Web applications should use string authentications methods such as cookies, http authentication, etc.
- Check the referrer such as HTTP "referer" or referrer to mitigate this type of attack
- Use page tokens such as time tokens that change with every http or https page request
- Appropriately use GET and POST requests
- Configure web browser to disable scripting
Question 4
Question
It is a countermeasure for Directory Traversal:
Answers
- 1). Apply checks/hot fixes to prevent exploitation
- 2). Define access rights to the protected areas of the website
- 3). Update server software at regular intervals
- 4) 1 and 3
- 5) 2 and 4
Question 5
Question
In HTTP Response Splitting, the attacker splits the HTTP response by:
Answers
- Http Header Splitting
- Http redirect
- Http cookie header
- All of the above
- None of the above
Question 6
Question
It is not a countermeasure for Parameter Manipulation:
Answers
- Use string input validating mechanisms for user data inputs
- Implement strict application security routines and updates
- Use a strictly configured firewall to block and identify parameters that are defined in a web page
- Disallow and filter CR/LF characters
- Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Question 7
Question
Which statement does not describe an XPath injection?
Answers
- The secure code snippet uses input validation and output encoding to prevent the attacker from executing any malicious scripts
- This can be done by bypassing the Web Site authentication system and extracting the structure of one or more XML documents in the site
- XPath injection is an attack targeting Web sites that create XPath queries from user-supplied data
- If an application embeds unprotected data into an XPath query, the query can be altered so that it is no longer parsed in the manner originally intended
Question 8
Question
It is not a countermeasure for Injection Attacks:
Answers
- Defined Denial of service attacks by using SAX based parsing
- Replace all single quotes with two single quotes
- It is always suggested to use less privileged accounts to access the database
- Disabling authentications based data access control
Question 9
Question
Which characters must be disabled to prevent an HTTP Response Splitting attack?
Answers
- LR/FF
- CR/LF
- CR/HT
- LF/FS
- LR/FS
Question 10
Question
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors: