Tag: security

Questions Related to security

What is OWASP WebGoat?
technology security

  1. Web Proxy

  2. XSS Scanner

  3. An insecure J2EE web application

  4. None of the above

Show answer
Correct Option: C

Which of the following best describes the difference between white-box testing and black-box testing?
technology security

  1. White-box testing is performed by an independent programmer team

  2. Black-box testing uses the bottom-up approach

  3. Black-box testing involves the business units

  4. White-box testing examines the program internal logical structures

Show answer
Correct Option: D

Scanning underlying source code with a database of regular expressions to quickly identify suspicious code, application inputs, outputs etc primarily relates to ..
technology security

  1. Grey-box testing

  2. Black-box testing

  3. White-box testing

  4. None of these

Show answer
Correct Option: C

What is the difference between network vulnerability assessment and a penetration test?
technology security

  1. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities

  2. They are one and the same

  3. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities

  4. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities

Show answer
Correct Option: D

The three steps to successful patch management are …

technology security

  1. Acquiring, Testing, Installing

  2. Testing, Remediation, Peer Review

  3. Determine needs, Acquire resources, Install the patch

  4. Both A & B

Show answer
Correct Option: A

The correct way to disable autocomplete in the browser for certain forms is to ….

technology security

  1. Set autocomplete to “0”

  2. Set autocomplete to “Off”

  3. Set autocomplete to some other value

  4. Set autocomplete to “no-store”

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand how to disable autocomplete in a browser for certain forms. Let's go through each option to understand why it is correct or incorrect:

Option A) Set autocomplete to "0" - This option is incorrect because the correct attribute value to disable autocomplete is "off", not "0".

Option B) Set autocomplete to "Off" - This option is correct because setting the autocomplete attribute to "off" will disable autocomplete for the specific form.

Option C) Set autocomplete to some other value - This option is incorrect because the attribute value "off" is specifically used to disable autocomplete. Using any other value will not have the desired effect.

Option D) Set autocomplete to "no-store" - This option is incorrect because "no-store" is used to indicate that the browser should not store the form data in its cache, but it does not disable autocomplete.

The correct answer is B) Set autocomplete to "Off". This option is correct because setting the autocomplete attribute to "off" will effectively disable autocomplete for the specific form.

Credit card numbers should be logged into the log file during exception
technology security

  1. No. Because leads to insecure storage of private information of the customer

  2. Yes. Because it is a good logging practice to log all relevant information during an exception

  3. Yes. Because it will help in troubleshooting specific customer problems

  4. No. Because its an additional over head

Show answer
Correct Option: A

Web Service interfaces are prone to which of the following standard web application attacks ?
technology security

  1. SQL Injection

  2. Denial of Service

  3. XML Injection

  4. All of the above

Show answer
Correct Option: D

A race condition in a web server can cause …
technology security

  1. Resources to become unavailable to legitimate users

  2. Cross Site Tracing

  3. Server Instability

  4. Both A and B

Show answer
Correct Option: C

It is a leading practice to suppress detailed errors in the following places:
technology security

  1. Web Server configuration files

  2. Application configuration files

  3. Application error handlers

  4. All of the above

Show answer
Correct Option: D