2998294
Descrição
Quiz por Carlos Veliz, atualizado more than 1 year ago
|
Criado por Carlos Veliz
mais de 9 anos atrás
|
|
Questão 1
Questão
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Responda
-
Secure Configuration
-
Application Design
-
Security Policies
-
Code Logic Deviation
-
Brand Image Damage
Questão 2
Questão
It is not an countermeasure for Cross-Site Scrpting:
Responda
-
Configure web browser to disable scripting
-
Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
-
Use filter techniques that store and process input variables on the server
-
Appropriately use GET and POST requests
-
Use properly designed error handling mechanisms for reporting input errors
Questão 3
Questão
It is not an countermeasure for Cross-Site Request Forgery:
Responda
-
Web applications should use string authentications methods such as cookies, http authentication, etc.
-
Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
-
Use page tokens such as time tokens that change with every http or https page requests
-
Appropriately use GET asn POST requests
-
Configure web browser to disable scripting
Questão 4
Questão
It is a countermeasure for Directory Traversal
Responda
-
1). Apply checks/hot fixes to preven explotation
-
2). Define access rights to the protected areas of the website
-
3). Update server software at regular intervals
-
4) 1 and 3
-
5) 2 and 4
Questão 5
Questão
In HTTP Response Splitting. Attacker splits the HTTP response by:
Responda
-
Http Hearder Splitting
-
Http redirect
-
Http cookie header
-
All of the above
-
None of the above
Questão 6
Questão
It is not an countermeasure Parameter Manipulation
Responda
-
Use string input validating mechanisms for user data inputs
-
Implement a strict application security routines and updates
-
Use strictly confiured firewall to block and identify parameters that are defined in a web page
-
Disallow and filter CR/LF characters
-
Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Questão 7
Questão
Which statement does not describe an XPath injection?
Responda
-
The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
-
This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
-
XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
-
If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended
Questão 8
Questão
It is not an countermeasure for Injection Attacks:
Responda
-
Defined Denial of service attacks by using SAX based parsing
-
Replace all single quotes with two single quotes
-
It is always suggested to use less privileged accounts to access the database
-
Disabling authentications based data access control
Questão 9
Questão
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
Responda
-
LR/FF
-
CR/LF
-
CR/HT
-
LF/FS
-
LR/FS
Questão 10
Questão
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Responda
-
Applications Crash
-
CSRF Attack
-
Lack of Proper authentication
-
Damage Systems
-
Brand Image Damage
Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.