Tag: security

Questions Related to security

Which among the below do you think appscan will NOT report as “Predictable login credentials?
technology security

  1. Admin/admin1

  2. John/nAscar

  3. John/n@sc1234r

  4. John/nascar2

Show answer
Correct Option: C

The occurrence of which among the below in the http response will appscan report as possible server path disclosure vulnerability?
technology security

  1. ../../help/images/about.jpeg

  3. d:/etc/host/pwd

  4. document.title(“/admin/administration”);

Show answer
Correct Option: C

It’s advisable to run appscan in the preproduction environment. What do you think are the reasons? Select 2 answers
technology security

  1. Don’t have to inform the application owner

  2. To prevent production database corruption

  3. To prevent user functionality disruption

  4. To reduce network traffic

Show answer
Correct Option: B,C

Before running a test its advisable to do the following. Select 3 answers
technology security

  1. Inform the user population about the test

  2. Inform the QA and system administers about the test

  3. Backup the database

  4. Shut down the configured SMPT servers

Show answer
Correct Option: A,B,C

What’s the effect of malicious file execution on the server?
technology security

  1. User account compromised

  2. Steal user sessions

  3. Site defacement and complete take over of the application

  4. Complete user account compromise

Show answer
Correct Option: C

What is the best approach to secure a web application?
technology security

  1. Use https

  2. Use encryption

  3. Black box testing

  4. Secure coding

Show answer
Correct Option: D

Which among the below indicate application error?
technology security

  1. 400 return code

  2. 500 return code

  3. 302 return code

  4. 200 return code

Show answer
Correct Option: B

Which among the below is an example of information leakage vulnerability?
technology security

  1. Displaying “Welcome, “+request.getParameter(“userid”)

  2. Displaying “You entered either a wrong user id or password” error message

  3. Call stack trace

  4. Return error code 404

Show answer
Correct Option: C

During testing you observed that after few minutes of initiating the scan appscan locks itself out of the application. How will you resolve the problem?
technology security

  1. Configure appscan not to test login/logout pages

  2. Increase the thread count

  3. Decrease the timeout

  4. Increase the timeout

Show answer
Correct Option: A

While analyzing your application you observed that a part of your application is accessed using the domain name whereas the login url is defined as http://10.1.52.3/apps/login.asp. How will you configure appscan to test this application?

technology security

  1. Add the domain name in the “Additional servers and domains” section in the scan configuration

  2. Add 10.1.52.3 in the “Additional servers and domains” section in the scan configuration

  3. Put the domain name in the login url

  4. Change the application code to reflect the domain name every where

Show answer
Correct Option: A