Resource summary
Question 1
Question
Which of the following terms refer to security vulnerabilities in software? (3)
Question 2
Question
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Answers
- This is not possible for security reasons
- This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
- This is possible, but requires the addition of an annotation @ignorevalidation to the target action
- This is possible, but requires the addition of an annotation @dontvalidate to the target action
- This is possible by activating the TypoScript option persistence.enableDynamicForms
Question 3
Question
Which of the following ViewHelpers check whether a frontend user is logged in and is a member of the group “news” (UID = 5)? (2)
Answers
- <f:if condition="{TSFE.loginUser.group == 5}">.
- <f:security.ifHasRole role="5">
- <f:security.ifHasRole role="news">
- <f:security.ifAuthenticated>
- <f:security.loginUser group_id="5">
Question 4
Question
Which statements about security in Fluid are correct? (2)
Answers
- Fluid applies htmlspecialchars() when HTML content of a variable is output
- Fluid automatically removes all HTML tags if the content of a variable contains HTML code
- To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
- The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
- All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons
Question 5
Question
What is the purpose of the “FormProtectionFactory”? (1)
Answers
- Protection against SQL injections
- Protection against man-in-the-middle attacks
- Protection against cross-site scripting (XSS) attacks
- Protection against cookie theft
- Protection against cross-site request forgery (CSRF)
Question 6
Question
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Answers
- The method quoteIdentifier()
- The method quoteIdentifiers()
- The method sanitizeValue()
- The method createNamedParameter()
- The method secureQuery()