Question 1 (1 point)
What flaw can lead to exposure of resources or functionality to unintended actors?
Question 1 options:
Session Fixation
Improper authentication
Insecure Cryptographic Storage
Invalidated redirects and forwards
Question 2 (1 point)
You should set a secure flag in a cookie to ensure that:
Question 2 options:
The cookie is a persistent cookie
The cookie is sent over an encrypted channel
The cookie is deleted when the user closes the browser
The cookie is not available to client script
Question 3 (1 point)
Which of the following functionalities should you include in an authentication and session management system? (Select all that apply)
Question 3 options:
Logout Functionality
Inactivity Time-out functionality
Escaping Functionality
Forwarding System Functionality
Question 4 (1 point)
_________ is a collection of computers that are all infected by the same malware.
Question 4 options:
botnet
malware
adware
spyware
Question 5 (1 point)
Why should you use CAPTCHA?
Question 5 options:
To create cryptographically random session IDs
To protect credentials by using encryption or cryptographic salt and hash
To protect authentication systems from automated or brute-force attacks
To ensure that authentication systems implement inactivity timeout functionality
Question 6 (1 point)
The use of proper security techniques can: (Select all that apply)
Question 6 options:
Minimize the threat of attackers
Allow access to unauthorized users
Prevent most hackers from accessing your system
Provide full security
Question 7 (1 point)
Which character is most likely to be used for an SQL injection attack?
Question 7 options:
Single quote (')
Null (\0) byte
Less than sign (<)
Greater than sign (>)
Question 8 (1 point)
What is the name of the malware used to take over and link a large number of computers in order to execute a DDoS attack?
Question 8 options:
Phishing
Zero-Day Exploit
Social Engineering
Backdoor
Botnet
Question 9 (1 point)
An HTTPS connection combines the protocol of HTTP with another Internet protocol for a layer of security.
Question 9 options:
FTPS
TLS
TCP
DNS
Question 10 (1 point)
What is it called when a co-worker sitting next to you always seems to look your way when you try to enter your user ID and password to log onto the network?
Question 10 options:
phishing
social engineering
shoulder surfing
coincidence
Question 11 (1 point)
Which of the following threats is most likely to be caused by poor input validation?
Question 11 options:
Enabling of IPSec
Insecure direct object reference
Insufficient transport layer protection
Insecure cryptographic storage
Question 12 (1 point)
Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret?
Question 12 options:
Cross Site Request Forgery
Insecure Direct Object Reference
Cross Site Scripting
Injection
Question 13 (1 point)
What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
Question 13 options:
Insecure Direct Object References
Injection
Cross Site Request Forgery
Insufficient Transport Layer Protection
Question 14 (1 point)
What threat arises from not flagging HTTP cookies with tokens as secure?
Question 14 options:
Session Hijacking
Insecure Cryptographic Storage
Access Control Violation
Session replay
Question 15 (1 point)
Which of the following consequences is most likely to occur due to an injection attack?
Question 15 options:
Spoofing
Cross-Site Request Forgery
Denial Of Service
Insecure Direct Object Reference
Question 16 (1 point)
Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
Question 16 options:
SQL injection
Cross Site Scripting
Malware Uploading
Man in the Middle
Question 17 (1 point)
An attack technique that forces a user's session credential or session ID to an explicit value is called:
Question 17 options:
Brute Force Attack
Session Hijacking
Session Fixation
Dictionary Attack
Question 18 (1 point)
Which of the following is most likely to result from invalidated redirects and forwards?
Question 18 options:
Brute Force Attack
Network Sniffing
Man In The Middle Attack
Bypassed Authorization attack
Question 19 (1 point)
How does malicious input flow in a DOM-based XSS?
Question 19 options:
From Server to Client
From Client to Server
From Attacker to Server
From Victim to Server
Question 20 (1 point)
What happens when an application takes user-input data and sends it to a web browser without proper validation and escaping?
Question 20 options:
Security Misconfiguration
Cross Site Scripting
Insecure Direct Object Reference
Broken Authentication and Session Management