Resource summary
Question 1
Question
Which of the following statements is not part of the types of authentication mechanisms?
Answers
- HTTP Basic Authentication
- Form-Based Authentication
- Authentication 802.1x
- Client/Server Mutual Authentication
Question 2
Question
Which of the following statements does not correspond to the steps of basic authentication?
Question 3
Question
Indicate whether the following definition is true or false for form-based authentication:
"SSL can be added to part or whole of the web application"
Question 4
Question
It is not part of the job overview of Kerberos:
Answers
- Key Distribution Centre in Kerberos stores account information and client passwords
- Working process is invisible to the user
- This mechanism issues tickets containing user identity, encrypted password, encrypted data
- Client authentication ensures that the users are legitimate or not
Question 5
Question
It is not a way to prevent Web-based enumeration attacks:
Answers
- Lock out targeted account access after a certain restricted number of failed attempts
- Web applications need to respond with similar error messages to all authentication failures
- Analyze URLs and their responses during security testing to authentication failures and prevent unnecessary information leakage
- Analyze Web page titles and their responses during authentication failures and prevent unnecessary information leakage
Question 6
Question
Authorization is the process that controls access rights of principals to system resources that include:
Answers
- Access to users
- Access to processes
- Access to machines
- All of the above
- None of the above
Question 7
Question
Which is the fifth step in implementing authorization?
Answers
- Defining roles to users
- Check for user authentication for the application
- Apply the constraints which are accessible by role
- Define security roles of an application to roles defined in memory realm
Question 8
Question
It is not part of the access control model:
Answers
- System Domain
- AWT
- Printer
- Database Server
- File I/O
Question 9
Question
Which of the following statements is not part of the principles of least privilege?
Answers
- User accounts should have enough privileges according to their task
- Evaluate and implement code access permissions
- Save sensitive files with random names and clean temporary files
- Enable web applications access to database through limited accounts only
- Avoid Web application servers running under privileged accounts such as administrator, root, sysman, sa, etc.
Question 10
Question
Which of the following is not a best practice in the management of sessions?
Answers
- Make use of SSL
- Do not add sensitive data in security token
- Impose concurrent login limits
- Regenerate session IDs upon privilege changes
- A user has access to resources based on the role assigned