* Attacks that consist of injecting malicious client-side scripts into a website and using the website as a propagation method are called:
  - XML External Entities
  - Cross Site Scripting (XSS)
  - Security Misconfiguration
  - Injection

* A security principle that ensures authority is not circumvented in subsequent requests of an object by a subject, by checking for authorization (rights and privileges) upon every request for the object, is ____.
  - Complete Mediation
  - Least Privilege
  - Separation of Duties
  - Weakest Link

* Unprotected files and directories, unpatched flaws, and unused pages are examples of:
  - Injection
  - Data deletion
  - Security misconfiguration
  - Broken Access Control

* The attack surface of your project seems to grow faster than it should. Which of the following is probably not a fruitful place to look?
  - Number of modules/routines in the project
  - Privilege level of the credentials used to run the application
  - Network address space from which the program is addressable
  - Privilege level of users using the application

* Which is the legal form of hacking, on which jobs in IT industries and firms are based?
  - Cracking
  - Non-ethical Hacking
  - Ethical hacking
  - Hacktivism

* A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritized, is called ______.
  - Application Security
  - Secure Controls
  - Threat Modelling
  - Secure Design

* The acronym DAST stands for:
  - Dynamic Application Security Testing
  - Dynamic Application Software Testing
  - Data Application Security Testing
  - Data Application Software Testing

* A Web Application Firewall (WAF):
  - Is a safety gate between servers
  - Regulates the content exchange between two web applications
  - Filters the content of specific web applications
  - None of the above

* A vulnerability caused by a logic issue in the authentication mechanism is called _____.
  - Broken Access Control
  - Broken Authentication
  - Injection
  - Sensitive Data Exposure

* The acronym RASP stands for:
  - Rapid Application Security Protocol
  - Random Application Security Protection
  - Run Time Application Self Protection
  - Run Time Application Security Protection

* An application processing sensitive data such as client information, employee data, or trade secrets is classified under security level _____.
  - Level 1
  - Level 2
  - Level 3
  - Level 4

* ______ is maintained by the protection of data from modification by unauthorized users.
  - Confidentiality
  - Integrity
  - Authentication
  - Non-repudiation

* This technique analyzes code for security vulnerabilities while the app is run by an automated test, a human tester, or any activity 'interacting' with the application functionality.
  - Functional Security Testing
  - Interactive Application Security Testing (IAST)
  - Performance Testing
  - None of the mentioned

* Which of these is an example of physical hacking?
  - Remote unauthorized access
  - Inserting a malware-loaded USB into a system
  - SQL Injection on an SQL-vulnerable site
  - DDoS (Distributed Denial of Service) attack

* Data ___________ is used to ensure confidentiality.
  - Encryption
  - Locking
  - Deleting
  - Backup

* Which of the following is an example of a Broken Access Control attack?
  - Access to personal information
  - Brute Force Attack
  - View sensitive files
  - Code Injection

* Which of the following is not an example of a root cause of Sensitive Data Exposure?
  - Encrypt at rest and in transit
  - Weak Crypto or Keys
  - Unencrypted data storage
  - Clear-text data transfer

* This attack can be deployed by inserting malicious code/script into a website's comment section. What is 'this' attack referred to here?
  - SQL injection
  - HTML Injection
  - Cross Site Scripting (XSS)
  - Cross Site Request Forgery (XSRF)

* A security principle that aims to maintain confidentiality, integrity and availability by defaulting to a secure state, with rapid recovery of software resiliency upon design or implementation failure, is _____.
  - Separation of Duties
  - Defense in Depth
  - Least Privilege
  - Fail Safe

* The acronym SAST stands for:
  - Static Analysis Security Testing
  - Software Analysis Security Testing
  - Secure Application Software Testing
  - Static Application Security Testing

* Which of the following is not a best practice for preventing injection vulnerabilities?
  - Validating User Input
  - Parameterizing Queries
  - Accepting parameters as input
  - Limiting Privileges

* Which of the following is not a common example of Insecure Deserialization prevention?
  - Implement integrity checks or encryption of the serialized objects
  - Enforce strict type constraints
  - Isolate code that deserializes, such that it runs in very low privilege environments
  - Disable all unused services

* Which of the following is NOT a vulnerability?
  - Injection
  - Cross Site Scripting (XSS)
  - Threat modeling
  - Broken Access Control

* Which of the following is not a purpose of Logging and Monitoring?
  - Detecting incidents
  - Forensic analysis
  - Uncovering the sequence of events leading to a cybersecurity breach
  - To filter input on arrival

* Which of the following is not an example of Penetration Testing?
  - Black Box Penetration Testing
  - White Box Penetration Testing
  - Grey Box Penetration Testing
  - Functional Penetration Testing