Tag: security

Questions Related to security

Which cookie value or attribute helps protect session tokens from a cross-site scripting attack?
technology security

  1. HTTP-ONLY is set

  2. Domain is not set

  3. Expiration is set to one week

  4. Expiration is set to one day

Show answer
Correct Option: A

What is an implication of insecure cryptographic storage
technology security

  1. The website could be defaced, and database tables could be deleted

  2. Sensitive data could be stolen

  3. A malicious script could be executed, and database tables could be deleted

  4. A malicious script could be executed, and session tokens could be predicted

Show answer
Correct Option: B

What does the Manual Explore feature in AppScan allow users to do?
technology security

  1. manually test for vulnerabilities

  2. manually log in

  3. manually step through the application

  4. exclude links from the scan

Show answer
Correct Option: C

Your scan has been running for one hour. When observing your scan’s progress, you notice that there are several URLs that match the following pattern: .../doAction.pl?action=viewpromotions&timestamp=14:00&n=1 .../doAction.pl?action=viewpromotions&timestamp=15:30&n=1 Which action should you take to optimize your scan and prevent an infinite loop?
technology security

  1. ensure JavaScript Execute is turned on

  2. track the “viewpromotions” parameter

  3. ignore the “timestamp” parameter

  4. turn off the Redundant Path limit setting

Show answer
Correct Option: C

Automatic Form Fill is enabled and includes the following entry: Description: Social Security Parameters: ssn Value: 273 27 2733 Match Type: Partial URL: {blank} Which form parameter is automatically filled in?
technology security

  1. socialSecurityNumber

  2. socialSecurityNum

  3. secnum

  4. customerssn

Show answer
Correct Option: D

Which AppScan user interface provides relevant information about how AppScan tested for a particular vulnerability?
technology security

  1. Application Tree

  2. Request/Response

  3. Application Data

  4. Remediation Tasks View

Show answer
Correct Option: B

In most cases, AppScan uses a variety of different tests to discover a single type of vulnerability. What is this called?
technology security

  1. a test policy

  2. a test variant

  3. a test case

  4. a test HTTP request

Show answer
Correct Option: B

Cross Site Scripting is an attack against
technology security

  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server

Show answer
Correct Option: A

The principle of least privilege as it applies to Access control mandates that:
technology security

  1. Group based access control should be implemented to assign permissions to application users

  2. Consistent authorization checking should be performed on all application pages

  3. A set of all allowable actions should be defined for each user role and all other's denied

  4. All failed access authorization requests should be logged to a secure location for review by administrators

Show answer
Correct Option: C

Web server will log which part of a GET request?
technology security

  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Show answer
Correct Option: B