30183889
Descripción
Test por Pascal Bartl, actualizado hace más de 1 año
|
Creado por Pascal Bartl
hace más de 3 años
|
|
Pregunta 1
Pregunta
Which of the following terms refer to security vulnerabilities in software? (3)
Respuesta
-
Scalar type declaration
-
Cross-site scripting (XSS)
-
Bounded context
-
Authentication bypass (or broken authentication)
-
False vacuum theory
-
Injection flaws
Pregunta 2
Pregunta
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Respuesta
-
This is not possible for security reasons
-
This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
-
This is possible, but requires the addition of an annotation @ignorevalidation to the target action
-
This is possible, but requires the addition of an annotation @dontvalidate to the target action
-
This is possible by activating the TypoScript option persistence.enableDynamicForms
Pregunta 3
Pregunta
Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group
“news” (UID = 5)? (2)
Respuesta
-
<f:if condition="{TSFE.loginUser.group == 5}">.
-
<f:security.ifHasRole role="5">
-
<f:security.ifHasRole role="news">
-
<f:security.ifAuthenticated>
-
<f:security.loginUser group_id="5">
Pregunta 4
Pregunta
Which statements about security in Fluid are correct? (2)
Respuesta
-
Fluid applies htmlspecialchars() when HTML content of a variable is output
-
Fluid automatically removes all HTML tags if the content of a variable contains HTML code
-
To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
-
The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
-
All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons
Pregunta 5
Pregunta
What is the purpose of the “FormProtectionFactory”? (1)
Respuesta
-
Protection against SQL injections
-
Protection against man-in-the-middle attacks
-
Protection against cross-site scripting (XSS) attacks
-
Protection against cookie theft
-
Protection against cross-site request forgery (CSRF)
Pregunta 6
Pregunta
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Respuesta
-
The method quoteIdentifier()
-
The method quoteIdentifiers()
-
The method sanitizeValue()
-
The method createNamedParameter()
-
The method secureQuery()
¿Quieres crear tus propios Tests gratis con GoConqr? Más información.