Tag: security

Questions Related to security

Files temporarily created by applications can expose confidential data if
technology security

  1. Special characters are not used in the filename to keep the file hidden

  2. The existence of the file exceeds 3 seconds

  3. File permissions are not set appropriately

  4. Special characters indicating this is a system file are not used in the filename

Show answer
Correct Option: C

The three structural parts of a virus are:
technology security

  1. Malicious payload, message payload, and benign payload

  2. Infection, payload and trigger

  3. Self replication, file attachment, and payload

  4. Replication, destructive payload, and triggering condition

Show answer
Correct Option: B

An application that uses dynamic link libraries can be forced to execute malicious code, even without replacing the target .dll file by exploiting:
technology security

  1. Registry settings

  2. The library search order

  3. Buffer overflows

  4. Library input validation flaws

Show answer
Correct Option: B

When valuable information needs to be transmitted as part of the client request
technology security

  1. Get method should be used with a suitable encryption mechanism

  2. Submit method should be used with state of the art encryption algorithm

  3. POST method should be used with a suitable encryption mechanism

  4. Stored procedure to be used

Show answer
Correct Option: C

In terms of databases, cryptography can:
technology security

  1. Only restrict and reduce availability

  2. Improve availability by allowing data to be easily placed where authorized users can access it

  3. Improve availability by increasing granularity of access controls

  4. Neither reduce nor improve availability

Show answer
Correct Option: B

Proprietary protocols and data formats:
technology security

  1. Are unsafe because they typically rely on security by obscurity

  2. Are unsafe because buffer overflows cannot be effectively determined by random submission of data

  3. Are insecure because vendors do not test them

  4. Are secure because of encryption

Show answer
Correct Option: A

Integrating cryptography into applications may lead to:
technology security

  1. Increased stability as the programs are protected against viral attack

  2. Enhanced reliability as users can no longer modify source code

  3. Reduced breaches of policy due to disclosure of information

  4. Possible denial of service if the keys are corrupted

Show answer
Correct Option: D

It is a good programming practice to set the cookie flag to:
technology security

  1. Safe

  2. Protected

  3. Locked

  4. Secure

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to know the different flags that can be set when creating a cookie and their purposes.

Now, let's go through each option and explain why it is right or wrong:

A. Safe: This flag indicates that the cookie should only be sent over an encrypted channel. It does not protect against other types of attacks such as cross-site scripting (XSS) or cross-site request forgery (CSRF). Therefore, this option is not correct for this question.

B. Protected: This flag is not a standard cookie flag. Therefore, this option is not correct for this question.

C. Locked: This flag is not a standard cookie flag. Therefore, this option is not correct for this question.

D. Secure: This flag indicates that the cookie should only be sent over an encrypted channel and helps protect against attacks such as XSS and CSRF. This is a good programming practice to ensure that sensitive information transmitted over cookies is secure. Therefore, the correct answer is:

The Answer is: D

If you are using TLS encryption, sensitive data can be transmitted via
technology security

  1. URL arguments

  2. hidden variables

  3. server side repository

  4. Cookie

Show answer
Correct Option: C

Stored procedure if used for authentication helps against which attack?
technology security

  1. Session Hijacking

  2. Session Fixation

  3. Cross Site Scripting

  4. SQL injection

Show answer
Correct Option: D