Tag: security

Questions Related to security

Which of the following is not an web application vulnerability ?
technology security

  1. Invalidated input

  2. Cross site scripting (XSS)

  3. Use of firewall for content verification

  4. web sever misconfiguration

Show answer
Correct Option: C

Which piece of information is most likely to be gleaned from html source code?

technology security

  1. Directory structures

  2. Facility security measures

  3. Alarm codes

  4. Password policy

Show answer
Correct Option: A

Web applications that handle sensitive information employ appropriate communication protocols to encrypt the data in transit. Which one of the following communication protocols encrypts data during transit
technology security

  1. HTTP 1.1

  2. HTTP 1.0

  3. SSL/TLS

  4. HTTP Keep-Alive

Show answer
Correct Option: C

Refer URL : http://www.testrun.com/login.aspx?id=' OR 1=1- . Which type of attack refered in this URL

technology security

  1. Cross Site Scripting (XSS)

  2. Buffer Overflow

  3. SQL Injection

  4. Cross Site Request Forgeries (CSRF)

Show answer
Correct Option: C

Which of the following is not a security mechanism
technology security

  1. Defence

  2. Dumpster Diving

  3. Deterrence

  4. Detection

Show answer
Correct Option: B

Which of the following best describes the purpose of using disclaimers
technology security

  1. Make user aware of his obligation and establish accountability for his action

  2. Publish organizations policies

  3. Showcase organization's technological advancements

  4. Detect any intrusion into internal network of the organization

Show answer
Correct Option: A

Which is the correct phase of SDLC to start aiming for a secure application as end result

technology security

  1. Go-Live (deployment to production)

  2. Support and Maintenance

  3. Requirement Gathering Phase

  4. Prototyping Phase

Show answer
Correct Option: C
Explanation:

To aim for a secure application as an end result, it is important to consider security from the beginning of the software development lifecycle (SDLC). Therefore, the correct phase of SDLC to start aiming for a secure application as an end result is the Requirement Gathering Phase.

Option A: Go-Live (deployment to production) - This phase involves releasing the software to the end-users. While security testing can be conducted during this phase, it is too late to start aiming for a secure application as an end result.

Option B: Support and Maintenance - This phase involves maintaining and improving the software after it has been deployed to the end-users. While security improvements can be made during this phase, the focus should be on maintaining the security of the existing software rather than starting from scratch.

Option C: Requirement Gathering Phase - This phase involves identifying the business requirements and goals of the software. It is important to consider security requirements during this phase to ensure that the software is designed with security in mind from the beginning.

Option D: Prototyping Phase - This phase involves creating a preliminary version of the software to test its functionality. While security testing can be conducted during this phase, the focus is on testing the software's functionality rather than securing it.

Therefore, the answer is: The Answer is: C.

Exception Handling refers to

technology security

  1. Identifying all possible erroneous inputs and managing how the application responds to them

  2. During application execution, if some special conditions are met, then a specific subroutine 'exception handler' is called

  3. Commercial runtime environments have tools that record debugging information from memory at the time of exception to provide 'root-cause' analysis information later.

  4. All of the above

Show answer
Correct Option: D
Explanation:

To answer this question, the user needs to have knowledge about exception handling in programming.

Option A is incorrect because identifying all possible erroneous inputs and managing how the application responds to them is a part of input validation. It is not the same as exception handling.

Option B is partially correct. During application execution, if some special conditions are met, then a specific subroutine 'exception handler' is called. Exception handling involves detecting errors that occur during the execution of a program and taking appropriate action to handle them. The "specific subroutine" is the exception handler which is executed when an exception is thrown.

Option C is also partially correct. Commercial runtime environments have tools that record debugging information from memory at the time of exception to provide 'root-cause' analysis information later. This tool is essential to debug errors and improve the quality of the software.

Option D is correct because all the options A, B, and C are correct explanations of exception handling.

Therefore, the answer is: D. All of the above.

It is not a good idea to include readymade code from google search into customer application deliverables even though it may save a lot of time and cost for the project because
technology security

  1. It may be copyrighted and not usable without explicit permission, payment or formal credit to creator

  2. It may carry spyware, backdoors or some form of malicious code

  3. It may breach the service agreement with customer if done without approval

  4. All of the above

Show answer
Correct Option: D
Explanation:

To answer this question, the user needs to understand the potential risks associated with using code from a Google search in customer application deliverables.

Now, let's go through each option and explain why it is right or wrong:

A. All of the above: This option is correct. All of the other options are valid reasons why it is not a good idea to use code from a Google search in customer application deliverables.

B. It may be copyrighted and not usable without explicit permission, payment or formal credit to creator: This option is correct. Code found through a Google search may be protected by copyright, and unauthorized use could lead to legal issues.

C. It may carry spyware, backdoors or some form of malicious code: This option is correct. Code found through a Google search may contain hidden malicious code that could compromise the security of the application or the user's data.

D. It may breach the service agreement with customer if done without approval: This option is correct. Using code from a Google search without proper approval could violate the terms of the service agreement with the customer.

Therefore, the answer is: A. All of the above.

Which is a common web server vulnerability?
technology security

  1. Limited user accounts

  2. Default installation

  3. Open shares

  4. No directory access

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to know about common web server vulnerabilities. The user must identify the vulnerability among the given options.

Now, let's go through each option and explain why it is right or wrong:

A. Limited user accounts: This option is not a common web server vulnerability. Limited user accounts may prevent unauthorized access to the web server, which is actually a security feature.

B. Default installation: This option is a common web server vulnerability. Many web servers are configured with default settings, which may include default user accounts, passwords, and configurations. Attackers can exploit these vulnerabilities to gain unauthorized access to the web server.

C. Open shares: This option is not a common web server vulnerability. Open shares are more often associated with file servers and network shares, rather than web servers.

D. No directory access: This option is not a common web server vulnerability. No directory access may prevent unauthorized access to sensitive directories on the web server, which is actually a security feature.

The Answer is: B