Carlos Veliz
Quiz por , criado more than 1 year ago

Java Application Vulnerabilities

36
0
0
Carlos Veliz
Criado por Carlos Veliz mais de 9 anos atrás
Fechar

Java Application Vulnerabilities

Questão 1 de 10

1

In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:

Selecione uma das seguintes:

  • Secure Configuration

  • Application Design

  • Security Policies

  • Code Logic Deviation

  • Brand Image Damage

Explicação

Questão 2 de 10

1

It is not an countermeasure for Cross-Site Scrpting:

Selecione uma das seguintes:

  • Configure web browser to disable scripting

  • Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8

  • Use filter techniques that store and process input variables on the server

  • Appropriately use GET and POST requests

  • Use properly designed error handling mechanisms for reporting input errors

Explicação

Questão 3 de 10

1

It is not an countermeasure for Cross-Site Request Forgery:

Selecione uma das seguintes:

  • Web applications should use string authentications methods such as cookies, http authentication, etc.

  • Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks

  • Use page tokens such as time tokens that change with every http or https page requests

  • Appropriately use GET asn POST requests

  • Configure web browser to disable scripting

Explicação

Questão 4 de 10

1

It is a countermeasure for Directory Traversal

Selecione uma das seguintes:

  • 1). Apply checks/hot fixes to preven explotation

  • 2). Define access rights to the protected areas of the website

  • 3). Update server software at regular intervals

  • 4) 1 and 3

  • 5) 2 and 4

Explicação

Questão 5 de 10

1

In HTTP Response Splitting. Attacker splits the HTTP response by:

Selecione uma das seguintes:

  • Http Hearder Splitting

  • Http redirect

  • Http cookie header

  • All of the above

  • None of the above

Explicação

Questão 6 de 10

1

It is not an countermeasure Parameter Manipulation

Selecione uma das seguintes:

  • Use string input validating mechanisms for user data inputs

  • Implement a strict application security routines and updates

  • Use strictly confiured firewall to block and identify parameters that are defined in a web page

  • Disallow and filter CR/LF characters

  • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges

Explicação

Questão 7 de 10

1

Which statement does not describe an XPath injection?

Selecione uma das seguintes:

  • The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts

  • This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site

  • XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data

  • If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended

Explicação

Questão 8 de 10

1

It is not an countermeasure for Injection Attacks:

Selecione uma das seguintes:

  • Defined Denial of service attacks by using SAX based parsing

  • Replace all single quotes with two single quotes

  • It is always suggested to use less privileged accounts to access the database

  • Disabling authentications based data access control

Explicação

Questão 9 de 10

1

Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?

Selecione uma das seguintes:

  • LR/FF

  • CR/LF

  • CR/HT

  • LF/FS

  • LR/FS

Explicação

Questão 10 de 10

1

In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:

Selecione uma das seguintes:

  • Applications Crash

  • CSRF Attack

  • Lack of Proper authentication

  • Damage Systems

  • Brand Image Damage

Explicação