Java Application Vulnerabilities

Test by Carlos Veliz, created more than 1 year ago
Created by Carlos Veliz more than 9 years ago

Question 1 of 10

In Java Application Vulnerabilities, which of the following belongs to the group of technical impacts?

Select one of the following possible answers:

  • Secure Configuration

  • Application Design

  • Security Policies

  • Code Logic Deviation

  • Brand Image Damage

Question 2 of 10

Which of the following is not a countermeasure for Cross-Site Scripting?

Select one of the following possible answers:

  • Configure the web browser to disable scripting

  • Implement character encoding techniques for web pages such as ISO-8859-1 or UTF-8

  • Use filter techniques that store and process input variables on the server

  • Appropriately use GET and POST requests

  • Use properly designed error handling mechanisms for reporting input errors

Question 3 of 10

Which of the following is not a countermeasure for Cross-Site Request Forgery?

Select one of the following possible answers:

  • Web applications should use strong authentication methods such as cookies, HTTP authentication, etc.

  • Check the referrer, such as the HTTP "Referer" header, to mitigate this type of attack

  • Use page tokens, such as time tokens that change with every HTTP or HTTPS page request

  • Appropriately use GET and POST requests

  • Configure the web browser to disable scripting

Question 4 of 10

Which of the following is a countermeasure for Directory Traversal?

Select one of the following possible answers:

  • 1) Apply checks/hot fixes to prevent exploitation

  • 2) Define access rights to the protected areas of the website

  • 3) Update server software at regular intervals

  • 4) 1 and 3

  • 5) 2 and 4

Question 5 of 10

In HTTP Response Splitting, the attacker splits the HTTP response by means of:

Select one of the following possible answers:

  • HTTP header splitting

  • HTTP redirect

  • HTTP cookie header

  • All of the above

  • None of the above

Question 6 of 10

Which of the following is not a countermeasure for Parameter Manipulation?

Select one of the following possible answers:

  • Use strong input validation mechanisms for user data inputs

  • Implement strict application security routines and updates

  • Use a strictly configured firewall to block and identify parameters that are defined in a web page

  • Disallow and filter CR/LF characters

  • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges

Question 7 of 10

Which statement does not describe an XPath injection?

Select one of the following possible answers:

  • The secure code snippet uses input validation and output encoding to prevent the attacker from executing any malicious scripts

  • This can be done by bypassing the web site's authentication system and extracting the structure of one or more XML documents in the site

  • XPath injection is an attack targeting web sites that create XPath queries from user-supplied data

  • If an application embeds unprotected data into an XPath query, the query can be altered so that it is no longer parsed in the manner originally intended

Question 8 of 10

Which of the following is not a countermeasure for Injection Attacks?

Select one of the following possible answers:

  • Defend against Denial of Service attacks by using SAX-based parsing

  • Replace all single quotes with two single quotes

  • It is always suggested to use less privileged accounts to access the database

  • Disabling authentication-based data access control

Question 9 of 10

Which characters must be disallowed to prevent an HTTP Response Splitting attack?

Select one of the following possible answers:

  • LR/FF

  • CR/LF

  • CR/HT

  • LF/FS

  • LR/FS

Question 10 of 10

In Java Application Vulnerabilities, which of the following belongs to the group of Attack Vectors?

Select one of the following possible answers:

  • Application Crash

  • CSRF Attack

  • Lack of Proper Authentication

  • Damage Systems

  • Brand Image Damage