Tag: security

Questions Related to security

Select a tool that is used for Web services enumeration, scanning and fuzzing
technology security

  1. The Scrutinizer

  2. Wschess from Netsquare

  3. SWAAT

  4. Peach Fuzzer

Show answer
Correct Option: B

Select a tool that is used for SQL injection scanning
technology security

  1. SQLiX

  2. WebScarab

  3. ParosProxy

  4. NMAP

Show answer
Correct Option: A

Which one is a Software Security Requirement gathering tool
technology security

  1. Assent

  2. Consult

  3. Masketeer

  4. SQUARE

Show answer
Correct Option: D

Implementing a CAPTCHA can protect you against what types of attacks ?
technology security

  1. SQL Injection

  2. Bufer Overflow

  3. Brute Force Attacks

  4. None of the above

Show answer
Correct Option: C

What would you use LOIC (Low Orbit Intensity Cannon) for?
technology security

  1. SQL Injection

  2. CSRF

  3. Path Manipulation

  4. Denial of Service

Show answer
Correct Option: D

ASLR(Address Space Layout Randomization) and DEP (Data Execution Prevention) can be effective countermeasures against ?
technology security

  1. Server Misconfigurations

  2. Buffer Overflow

  3. Brute Force Attacks

  4. None of the above

Show answer
Correct Option: C

Tina is working on a multi threaded application.The users of the application can specify the duration for which the threads may be put to sleep.If Tina does not perform any input validation,she is most likely to expose her code to ?
technology security

  1. Session Fixation

  2. Cross Side Scripting

  3. Denial of Service

  4. SQL Injection

Show answer
Correct Option: C

Cross site scripting is a type of attack where:
technology security

  1. Attacker changes the privilege level through a script

  2. Attacker uploads a message that contains client side code that attacks anyone that reads it.

  3. A script is run at the attackers machine

  4. None of the above

Show answer
Correct Option: B

It is a good programming practice to prevent Caching of sensitive data at client or proxies by implementing:
technology security

  1. "Cache-Control: do not-cache, do not save"

  2. "Cache-Control: do not-save, do not store"

  3. "Cache-Control: no-cache, no store"

  4. "Cache-Control: do not cache"

Show answer
Correct Option: C
Explanation:

To solve this question, the user needs to know about caching and how to prevent sensitive data from being cached on clients or proxies.

Option A: "Cache-Control: do not-cache, do not save" - This option is not entirely correct. Although the "do not-cache" directive will prevent the client or proxy from caching the data, there is no "do not save" directive in the Cache-Control header field.

Option B: "Cache-Control: do not-save, do not store" - This option is incorrect. There is no "do not-save" or "do not store" directive in the Cache-Control header field.

Option C: "Cache-Control: no-cache, no store" - This option is correct. The "no-cache" directive indicates that the client or proxy should not use a cached copy of the data for subsequent requests, but it should revalidate the data with the origin server. The "no-store" directive indicates that the client or proxy should not store the data in any form of cache. Together, these directives ensure that sensitive data is not cached on the client or proxy.

Option D: "Cache-Control: do not cache" - This option is not entirely correct. The "do not cache" directive will prevent the client or proxy from caching the data, but it does not prevent the data from being stored in other forms of cache.

Therefore, the correct answer is:

The Answer is: C

Which is not a component of IIS application ?
technology security

  1. FTP

  2. Common files

  3. Background Intelligent Transfer Service (BITS)

  4. All of the choices are component of IIS

Show answer
Correct Option: D