7.2 Developing Secure Code for TYPO3

Description

TYPO3 CD 2020 (second edition) quiz on 7.2 Developing Secure Code for TYPO3, created by Pascal Bartl on 09/04/2021.
Quiz by Pascal Bartl, updated more than 1 year ago

Resource Summary

Question 1

Question
Which of the following terms refer to security vulnerabilities in software? (3)
Answer
  • Scalar type declaration
  • Cross-site scripting (XSS)
  • Bounded context
  • Authentication bypass (or broken authentication)
  • False vacuum theory
  • Injection flaws

Question 2

Question
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Answer
  • This is not possible for security reasons
  • This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
  • This is possible, but requires the addition of an annotation @ignorevalidation to the target action
  • This is possible, but requires the addition of an annotation @dontvalidate to the target action
  • This is possible by activating the TypoScript option persistence.enableDynamicForms

Question 3

Question
Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group “news” (UID = 5)? (2)
Answer
  • <f:if condition="{TSFE.loginUser.group == 5}">.
  • <f:security.ifHasRole role="5">
  • <f:security.ifHasRole role="news">
  • <f:security.ifAuthenticated>
  • <f:security.loginUser group_id="5">

Question 4

Question
Which statements about security in Fluid are correct? (2)
Answer
  • Fluid applies htmlspecialchars() when HTML content of a variable is output
  • Fluid automatically removes all HTML tags if the content of a variable contains HTML code
  • To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
  • The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
  • All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons

Question 5

Question
What is the purpose of the “FormProtectionFactory”? (1)
Answer
  • Protection against SQL injections
  • Protection against man-in-the-middle attacks
  • Protection against cross-site scripting (XSS) attacks
  • Protection against cookie theft
  • Protection against cross-site request forgery (CSRF)

Question 6

Question
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Answer
  • The method quoteIdentifier()
  • The method quoteIdentifiers()
  • The method sanitizeValue()
  • The method createNamedParameter()
  • The method secureQuery()