Carlos Veliz
Quiz por , criado more than 1 year ago

Mix Test 42p

33
0
0
Carlos Veliz
Criado por Carlos Veliz mais de 9 anos atrás
Fechar

Java Mix Test 42p

Questão 1 de 42

1

Defines interfaces and classes to help in internet communications authentication:

Selecione uma das seguintes:

  • Java.security

  • Java SASL API

  • JCE

  • JAAS

  • None of the above

Explicação

Questão 2 de 42

1

It is not part of the Java Cryptography Architecture:

Selecione uma das seguintes:

  • RSA

  • Triple DES

  • Standard Algorithms

  • Class Loader

  • Sandbox

Explicação

Questão 3 de 42

1

Java protects the user from hostile applications that hamper security through the concept:

Selecione uma das seguintes:

  • Security Manager

  • Sandbox

  • Intermediate fikes

  • Java Complier

  • None of the above

Explicação

Questão 4 de 42

1

Is an open source program that uses static analysis to identify hundreds of different potential types of errores in Java programs:

Selecione uma das seguintes:

  • FxCop

  • FindErrors

  • FxBugs

  • FindBugs

  • None of the above

Explicação

Questão 5 de 42

1

It is not a functionality of FindBugs:

Selecione uma das seguintes:

  • Eliminate security mistakes found.

  • Find security mistakes.

  • Reduce development time.

  • All of the above

  • None of the above

Explicação

Questão 6 de 42

1

Which of the following stages of the life cycle, has the lowest relative cost to fix a software defect?

Selecione uma das seguintes:

  • In service

  • Design

  • Requirements Definition

  • Customer Testing

  • Programming

Explicação

Questão 7 de 42

1

It is a feature of a secured software:

Selecione uma das seguintes:

  • Trustworthiness

  • Modularity

  • Reliability

  • Availability

  • All of the above

Explicação

Questão 8 de 42

1

Following questions help analyze and improve the security of a software

Selecione uma das seguintes:

  • 1) What area the various types od defects that cause security vulnerabilities?

  • 2) Which tools can be used for measuring the defects?

  • 3)How many lines to have the source code?

  • 4) 1 and 2

  • 5) 2 and 3

Explicação

Questão 9 de 42

1

"This method helps to split the complex and large problems into smaller ones resulting in quick and effcicent problem solving rather than dealing with the whole". This concept belongs to:

Selecione uma das seguintes:

  • Abstraction

  • Decomposition

  • Design

  • Complexity

  • None of the above options

Explicação

Questão 10 de 42

1

Threat modeling. Which of the following is not a security technique?

Selecione uma das seguintes:

  • Threat Mitigation

  • Threat trees

  • Privilege boundaries

  • Entry point identification

  • None of the above options

Explicação

Questão 11 de 42

1

Threat modeling. Which of the following is not a correct approach?

Selecione uma das seguintes:

  • Hybrid Centric

  • Software/Design Centric

  • Attack Centric

  • Threat Centric

  • Asset Centric

Explicação

Questão 12 de 42

1

What method is used to identify the following threats?
spoofing, tampering, DoS, information disclosure and elevation of privileges

Selecione uma das seguintes:

  • Attack Tree Structures

  • Stride

  • Information Gathering

  • ASF

  • None of the above options

Explicação

Questão 13 de 42

1

Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle:

Selecione uma das seguintes:

  • ADSL Threat modeling

  • SDL Threat modeling

  • Analyze Model

  • Analyze and generate model

  • None of the above options

Explicação

Questão 14 de 42

1

How will you implement secure file handling to prevent malicious file inclusion and DoS attacks?

Selecione uma das seguintes:

  • Findbugs

  • SecureFilehandling

  • FxCop

  • SecureFile

  • None of the above options

Explicação

Questão 15 de 42

1

The SecureFilehandling application only accepts the following file extensions:

Selecione uma das seguintes:

  • .xlsx

  • .class

  • .obj

  • .exe

  • Accepts all file extensions

Explicação

Questão 16 de 42

1

What are the types of streams in Java?

Selecione uma das seguintes:

  • Character and Byte Stream

  • Byte and Compact Stream

  • Character and Encode Stream

  • All of the above

  • None of the above options

Explicação

Questão 17 de 42

1

It is not a proper access privileges:

Selecione uma das seguintes:

  • The owner grants permission to the users to access the content available in the systems

  • All the files are created with access permissions so that unauthorized access can be denied

  • Multi user systems are generally owned by a particular user for instance system admin etc.

  • There ara various classes in java that handle characters streams and byte streams separately

  • None of the above options

Explicação

Questão 18 de 42

1

Which of the following instructions ensures proper File Cleanup when a program terminates?

Selecione uma das seguintes:

  • Runtime.getRuntime().exit(1);

  • exit();

  • terminate();

  • out.exit();

  • out.close();

Explicação

Questão 19 de 42

1

"It prevents untrusted code from modifying the class internal layout". In Security Manager Checks, this concept corresponds to:

Selecione uma das seguintes:

  • Prevents extracting any data

  • Check Constructor

  • Prevents modification

  • Prevents handling

  • None of the above options

Explicação

Questão 20 de 42

1

The project InputValidation not control one of the following statements?

Selecione uma das seguintes:

  • User login

  • User Password

  • Size password

  • User size

  • None of the above options

Explicação

Questão 21 de 42

1

On which side it is recommended to apply input validation?

Selecione uma das seguintes:

  • client-side

  • server-side

  • both

  • None of the above

Explicação

Questão 22 de 42

1

Which of the following types of input parameters is the most used in SQL vulnerabilities?

Selecione uma das seguintes:

  • Structured text

  • number

  • boolean

  • freetext

  • list of structured text

Explicação

Questão 23 de 42

1

Which of the following types of input parameters is the least used in XSS vulnerabilities?

Selecione uma das seguintes:

  • List of free text

  • structured text

  • number

  • boolean

  • enumeration

Explicação

Questão 24 de 42

1

What is the exact description of the regular expression "(a-z A-Z)(a-z A-Z 0-9_$)"?

Selecione uma das seguintes:

  • A valid java identifier consisting of alphanumeric characters, undercores and dolar signs with the first characer being an alphabet

  • A valid java identifier consisting of alphanumeric charecters and dollar signs with the first cgaracter bieng an alphabet

  • Any two-digit alphanumeric from 0-99 and a-z

  • Matches az, AZ and 9$

Explicação

Questão 25 de 42

1

Which of the following is not a recommendation of struts validation and securitiy?

Selecione uma das seguintes:

  • The absence of validation for a single field may allow attackers to exploit the application

  • Struts validation is done to prevent attacks caused through inchecked input

  • Each and every field included in the form should be validates in the correspondig validation form

  • Input validation through Servet filters in Java web applications is effecvtive due to minor modifications needed for input validation and servlet filets are centralized in nature

  • None of the above

Explicação

Questão 26 de 42

1

Indicate that statement does not belong to the class RuntimeException:

Selecione uma das seguintes:

  • ArrayStoreException

  • NegativeArraySizeException

  • FileNotFoundException

  • NullPointerException

  • SecurityException

Explicação

Questão 27 de 42

1

Which of the following is an exceptional behavior erroneous?

Selecione uma das seguintes:

  • Never catch NullPointerException

  • Disclosing sensitive information

  • Never throw undeclared checked exceptions

  • Logging sensitive data

  • All of the above

Explicação

Questão 28 de 42

1

Examples of Java Logging Frameworks:

Selecione uma das seguintes:

  • Apache Commons Logging

  • Log4J

  • Java Logging API

  • SLF4J

  • All of the above

Explicação

Questão 29 de 42

1

Which of the following is not a Secured Practices in Logging?

Selecione uma das seguintes:

  • Log Debug messages inside isDebugEnabled()

  • Make use of good java logging frameworks like java.util.logging or log4j

  • Log messages consitently and the messages must be informative

  • Ensure to include the formar of the java loggind in the specified java logger

  • Ensure to remove temporary files before termination to avoid information leakage and resource exhaustion

Explicação

Questão 30 de 42

1

HTTP Basic Authentication:

Selecione uma das seguintes:

  • Request a protected resource - Request username password - Sends username password - returns requested resource

  • Request username password - Sends username password - returns requested resource

  • Request username password - Request a protected resource - Sends username password - returns requested resource

  • Sends username password - Request username password - Request a protected resource - returns requested resource

  • None of the above options

Explicação

Questão 31 de 42

1

Which of the following is not a measure of prevention for attacks weak password?

Selecione uma das seguintes:

  • Impose a password againg policy

  • Impose web application accepts only user id credentials that contain all valid characters including special characters like !, @, #, $, etc.

  • Incorrect authentication failure messages should be avoided

  • Implement account lockout policy

  • None of the above

Explicação

Questão 32 de 42

1

Which of the following statements does not describe RBAC?

Selecione uma das seguintes:

  • It functions on the concept of user roles and information accessibility

  • This is the popular access control model

  • A user has access to resources based on the role assigned; roles are allocated depending on job function

  • The access control policies are imposed on policy, specific to the user

  • An organization has different departments, and roles are assigned based on requirements

Explicação

Questão 33 de 42

1

Which of the following is not a feature of JAAS?

Selecione uma das seguintes:

  • Is implemented usign pure JAVA

  • Supports single sig-on for login authentication in J2EE appplications

  • Provides centralized rol based control that includes hierarchical roles

  • Is implemented usign JAVA and JavaScript

  • Authentication of users is done through PAM Framework

Explicação

Questão 34 de 42

1

JAAS Configuration. The configurations file format consists of the following entries:

Selecione uma das seguintes:

  • LoginEntry

  • ModuleClass

  • Flag

  • Option="value"

  • All options are correct

Explicação

Questão 35 de 42

1

In the architecture of a Java EE application. Which of the following is not a component of the Web level?

Selecione uma das seguintes:

  • Web Services Client

  • Servlet

  • App Flow Processor

  • View Manager

  • None of the above

Explicação

Questão 36 de 42

1

Concurrency in Java. Which of the following is not a state of a thread?

Selecione uma das seguintes:

  • Suspended

  • Resumed

  • Blocked

  • Dead

  • Reset

Explicação

Questão 37 de 42

1

In ]ava, the following methods are vulnerable to race condition:

Selecione uma das seguintes:

  • 1) start()

  • 2) stop()

  • 3) init()

  • 4) 1 and 3

  • 5) 1, 2 and 3

Explicação

Questão 38 de 42

1

It is a countermeasure to session hijacking:

Selecione uma das seguintes:

  • See the session is not expired after users log out

  • Regularly clear the history and offline content

  • Prefer http than https in case of sensitive and confidential transactions

  • Make sure that cookies and sessions are stored from the browser

  • None of the above

Explicação

Questão 39 de 42

1

Which of the following statements does not include the Java Criptography Arquitecture engine?

Selecione uma das seguintes:

  • Key Store

  • Key pair Generator

  • Key Tools

  • CertStore

  • Key Factories

Explicação

Questão 40 de 42

1

javax.net and javax.net.ssl packages are the standard JSSE APIs that includes important classes such as:

Selecione uma das seguintes:

  • 1) SSLSocket

  • 2) SocketFactory

  • 3) ServerSocketFactory

  • 4) All of the above

  • 5) None of the above

Explicação

Questão 41 de 42

1

It is not a tool Java Cryptography:

Selecione uma das seguintes:

  • JCryption

  • Optimus Java

  • PrimeInk JAva

  • jdnssec

  • Cryptix

Explicação

Questão 42 de 42

1

Which of the following is not a countermeasure CRSF?

Selecione uma das seguintes:

  • Appropriately use GET and Post requests

  • Implement OWASP CRFGuard Library

  • Web applications should use weak authentications methods such as cookies, http authentication, etc

  • Check the referrer such as HTTP "referer"

  • None of the above

Explicação