Tag: security

Questions Related to security

Which of the following statements is NOT true regarding Error Handling and Logging?
technology security

  1. Never rely on the operating system, database, or hardware to handle errors

  2. Your application’s code should always include its own error handler.

  3. All errors generated by internal components such as system calls, database queries, and other internal functions, should be handled by the application’s exception handler

  4. Never implement a generic error page

Show answer
Correct Option: D

Complete the following statement: To prevent Cross Site Scripting (XSS), validate all the user supplied input for _____ before processing or inserting those values into the database

technology security

  1. type and format

  2. type, length , format and range

  3. type, length and range

  4. length and range

Show answer
Correct Option: B

AI Explanation

To prevent Cross Site Scripting (XSS), it is important to validate all the user-supplied input for type, length, format, and range before processing or inserting those values into the database.

Option A) Type and format - This option is incorrect because it only considers the type and format of the input, but does not address the length and range.

Option B) Type, length, format, and range - This option is correct because it includes all the necessary validations to ensure the input is safe. Validating the type ensures that the input matches the expected data type. Validating the length ensures that the input does not exceed the allowed length. Validating the format ensures that the input follows the expected pattern or structure. Validating the range ensures that the input falls within the acceptable range of values.

Option C) Type, length, and range - This option is incorrect because it does not consider the format validation, which is important to prevent certain types of XSS attacks.

Option D) Length and range - This option is incorrect because it only considers the length and range of the input, but does not address the type and format validations.

The correct answer is B) Type, length, format, and range. This option is correct because it includes all the necessary validations to prevent Cross Site Scripting (XSS) attacks.

Upon log-out, how should the application deal with session cookies ?

technology security

  1. Update the time

  2. Clear them

  3. Update the header

  4. Store IP

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand how session cookies work and how they are typically handled upon log-out.

Option A) Update the time - This option is incorrect. Updating the time of the session cookies would not be the appropriate action to take upon log-out. The purpose of updating the time is usually to extend the session duration while the user is actively using the application.

Option B) Clear them - This option is correct. When a user logs out of an application, it is common practice to clear or delete the session cookies associated with that user's session. This ensures that the user's session information is no longer stored on the client-side, providing an added level of security and preventing unauthorized access to the user's account.

Option C) Update the header - This option is incorrect. Updating the header is not the appropriate action to take upon log-out in relation to session cookies. The header typically contains information about the request and response, but it does not directly relate to managing session cookies.

Option D) Store IP - This option is unrelated to how the application should deal with session cookies upon log-out. Storing IP addresses is a separate concept and is typically done for purposes such as tracking user activity or implementing security measures. It does not directly pertain to the management of session cookies upon log-out.

Therefore, the correct answer is B) Clear them. This option is correct because clearing the session cookies upon log-out ensures that the user's session information is no longer stored on the client-side.

Secure practices for Access control include

technology security

  1. Use role based access

  2. Enforce authorization on each request

  3. Enforce Business Workflow

  4. All

Show answer
Correct Option: D
Explanation:

To ensure secure access control, users need to follow some best practices. The answer is option D, which means that all the options mentioned are correct.

Explanation of each option:

A. Use role-based access: This option is correct because role-based access control (RBAC) is a secure practice to control access to resources based on the roles assigned to individual users within an organization. It ensures that users have the necessary access to complete their tasks and restricts access to resources that are not relevant to their role.

B. Enforce authorization on each request: This option is correct because enforcing authorization on each request helps to verify that the user has the necessary privileges to access the requested resource. Authorization ensures that users only access the resources that they need to complete their tasks and nothing more.

C. Enforce Business Workflow: This option is correct because enforcing business workflow ensures that the access granted to users is in alignment with the business processes. By enforcing business workflow, organizations can minimize the risk of unauthorized access to resources and ensure that the access granted is relevant to the user's role.

D. All: This option is correct because all the options mentioned are secure practices for access control. Using role-based access, enforcing authorization on each request, and enforcing business workflow, all contribute towards ensuring secure access control.

Therefore, the correct answer is: D. All.

Gaining access to functionality for other user of same roles is

technology security

  1. Horizontal Privielege Escalation

  2. Vertical Privielege Escalation

  3. Cross functional escalation

  4. Session Hijacking

Show answer
Correct Option: A

What are the disadvantages of using a public key algorithm compared to a symmetric algorithm?
technology security

  1. A symmetric algorithm provides better access control.

  2. A symmetric algorithm is a faster process.

  3. A symmetric algorithm provides nonrepudiation of delivery.

  4. A symmetric algorithm is more difficult to implement

Show answer
Correct Option: B

Sensitive Databases must be encrypted with
technology security

  1. Random numbers

  2. A long password

  3. DES

  4. A FIPS - or EAL-certified algorithm

Show answer
Correct Option: D

Anonymiser is
technology security

  1. FBI agent

  2. A website that allows you to masquerade your identity

  3. Tool that allows you to do phising

  4. Tool that allows you to do vishing

Show answer
Correct Option: B

Popular methods adopted by hackers/crackers to avoid getting caught
technology security

  1. Wear a mask over their face while they hack

  2. Change their dressing pattern, modify their appearance

  3. Using methods like phising

  4. Piggybacking into unsecured wireless

Show answer
Correct Option: D

One of the ways to do a distributed denial of service attack
technology security

  1. Distribute virus through emails

  2. Distribute worms through emails

  3. Use botnets

  4. Phising

Show answer
Correct Option: C