Tag: security

Questions Related to security

The difference between a GET and a POST request is
technology security

  1. It does not matter, the web serve will treat all GET requests as POST requests

  2. The information in a POST request cannot be manipulated. It is possible to change a GET request.

  3. A GET request is sent when requesting information; A POST request is sent when sending information

  4. The data is sent in the body of the POST request and in the URL in a GET request

Show answer
Correct Option: D

Which of the following best describes the difference between white-box testing and black-box testing?
technology security

  1. White-box testing is performed by an independent programmer team

  2. Black-box testing uses the bottom-up approach

  3. Black-box testing involves the business units

  4. White-box testing examines the program internal logical structures

Show answer
Correct Option: D

Scanning underlying source code with a database of regular expressions to quickly identify suspicious code, application inputs, outputs etc primarily relates to ..
technology security

  1. Gray-box testing

  2. Black-box testing

  3. White-box testing

  4. None of these

Show answer
Correct Option: C

What is the difference between network vulnerability assessment and a penetration test?
technology security

  1. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities

  2. They are one and the same

  3. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities

  4. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities

Show answer
Correct Option: D

XSS stands for?
technology security

  1. cross site scrpting

  2. X site scrpting

  3. spread sheet

  4. Excel site scrpting

Show answer
Correct Option: A

The ASAP process can applied at which phase of an application development for best results?
technology security

  1. During testing

  2. During development

  3. During all phases of development starting with requirement analysis and ending with rollout

  4. During design

Show answer
Correct Option: C

In the ASAP process what is the main activity carried out in the requirement analysis phase?

technology security

  1. Capture the customer requirements

  2. Update the project plan

  3. Capture and update the URS and SRS with security requirements for the project

  4. None of the above

Show answer
Correct Option: C

Who has the responsibility for remediation of the security vulnerabilities discovered during application security testing?
technology security

  1. ASAP Team

  2. Development Team

  3. Testing Team

  4. Project Management

Show answer
Correct Option: B

What are the different types of engagement models available for ASAP?
technology security

  1. Time and Money, Fixed price

  2. Offshore, Onshore, Offshore-Onshore

  3. Full-Fledged, Staggered, Fast Track

  4. None of the above

Show answer
Correct Option: C

As part of ASAP what type of analysis is performed during the design and build phase?
technology security

  1. Dynamic code analysis

  2. Static code analysis

  3. Both

  4. None

Show answer
Correct Option: B