Tag: security

Questions Related to security

A Buffer over flow occurs when …
technology security

  1. The application does not have enough memory allocated to handle the large amount of input

  2. The Operating System does not have enough RAM to handle large amount of input

  3. The client does not have enough memory allocated to handle the large amount of input

  4. A variable in the program does not have enough memory allocated to handle the amount of input

Show answer
Correct Option: D

An intruder manipulates the URL which causes the web server to either execute a file or reveal the contents of a file which could be lying anywhere in the file system even out side the document root directory. What type of attack is this?
technology security

  1. Cross-Site Scripting

  2. SQL injection

  3. Command injection

  4. Directory traversal

Show answer
Correct Option: D

Web server will log which part of a GET request?
technology security

  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to know what a GET request is and how it works.

When a client (usually a web browser) sends a GET request to a web server, the server logs various information about the request. This information includes the requested resource (such as a webpage or image), the client's IP address, and other details.

Now, let's go through each option and explain why it is right or wrong:

A. Hidden tags: This option is incorrect because hidden tags are not part of a GET request. Hidden tags are used in HTML forms to send data to the server using the POST method, not the GET method.

B. Query Strings: This option is correct. Query strings are part of a GET request and allow the client to send additional information to the server. Query strings are appended to the end of the requested URL and are separated by a question mark (?). For example, in the URL "http://example.com/search?q=term", the query string is "q=term".

C. Header: This option is partially correct. The header of a GET request is logged by the server and contains information such as the client's user agent, accepted languages, and other details. However, this option is not the only part of a GET request that is logged.

D. Cookies: This option is incorrect because cookies are not part of a GET request. Cookies are used to store information on the client's side and can be sent to the server in subsequent requests, but they are not part of the initial GET request.

Therefore, the correct answer is:

The Answer is: B. Query Strings

How can we prevent dictionary attacks on password hashes ?
technology security

  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote your self so no one knows how it works

  4. Salting the hash

Show answer
Correct Option: D
Explanation:

To prevent dictionary attacks on password hashes, one common technique is salting the hash.

Option A: Hashing the password twice is not a solution to prevent dictionary attacks. It is a technique called key stretching that makes brute-force attacks slower, but it does not prevent dictionary attacks.

Option B: Encrypting the password using the private key is not a solution to prevent dictionary attacks. Encryption is reversible, and an attacker with the private key can easily obtain the original password.

Option C: Using an encryption algorithm you wrote yourself is not a solution to prevent dictionary attacks. It is not recommended to invent your own encryption algorithm because it can have vulnerabilities that attackers can exploit.

Option D: Salting the hash is a technique that involves adding a random string of characters to the password before hashing. The salt is unique for each password and makes it difficult for an attacker to use precomputed hash tables (rainbow tables) to find the original password. Therefore, it is an effective method to prevent dictionary attacks.

Therefore, the correct answer is:

The Answer is: D

Implementing Access Control based on a hard coded IP address
technology security

  1. Can be done as it as an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice

Show answer
Correct Option: D

Temporary files
technology security

  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension

Show answer
Correct Option: C

What is the preferred medium for backing up log files ?
technology security

  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-R's

  4. None of the above

Show answer
Correct Option: C

What is the common cause of buffer over flows, cross-site scripting, SQL injection and format string attacks?
technology security

  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handing

  4. Insecure configuration management

Show answer
Correct Option: A

Configuration Management Security principles apply to
technology security

  1. Commercial applications

  2. Custom built applications

  3. In house developed applications

  4. All of the above

Show answer
Correct Option: D

Which of the following can you reveal without compromising the security of the encrypted data
technology security

  1. Encrypted data itself

  2. Asymmetric private key

  3. Symmetric key

  4. Asymmetric public key

Show answer
Correct Option: D