Trivia Quiz: How Well Do You Know About Cryptography And Network Security?

16 Questions | Total Attempts: 117


How well do you know cryptography and network security? The internet is a risky place to store your data, as it can easily be accessed by people who want to use it against you. Do you encrypt your data so that only those allowed can view it? Take this quiz and see if your information is actually safe. All the best!


Questions and Answers
  • 1. 
    All of the following are properties of a good cryptosystem EXCEPT:
    • A. 

      The ciphertext must be indistinguishable from true random values.

    • B. 

      Enumerating all possible keys must be infeasible.

    • C. 

      Produce plaintext from ciphertext without the key

    • D. 

      There should be no way short of enumerating all possible keys to find the key from any reasonable amount of ciphertext and plaintext, nor any way to produce plaintext from ciphertext without the key.

  • 2. 
    What type of algorithm is used to ensure file integrity?
    • A. 

      Stream Ciphers

    • B. 

      Session Tokens

    • C. 

      Symmetric Key Algorithms

    • D. 

      Hash Function

  • 3. 
    There are three known types of XSS flaws: ___________, __________, and _____________.
    • A. 

      Stored, reflected and DOM Based XSS

    • B. 

      Saved, deleted and DAM Based XSS

    • C. 

      Reserved, released and DOM Based SQL

    • D. 

      Compiled, decompiled and DOM Based SQL

  • 4. 
    ________________is the process of examining a user submitted HTML document fragment and producing a new HTML document that preserves only whatever tags are designated "safe".
    • A. 

      HTML Encoding

    • B. 

      HTML sanitization

    • C. 

      URL Encoding

    • D. 

      URL sanitization

  • 5. 
    Input validation should be based on...
    • A. 

      Whitelisting

    • B. 

      Blacklisting

    • C. 

      Authorization

    • D. 

      Authentication

  • 6. 
    An e-commerce shopping site uses hidden fields to refer to its items, as follows: <input type="hidden" id="1008" name="cost" value="70.00"> In the above example, what is true?
    • A. 

      The user will not notice it because it is a hidden field, so there is no need to worry about the value being changed.

    • B. 

      Since client validation is done, server validation is not needed.

    • C. 

      “value” can be modified to lower its cost.

  • 7. 
    What is the impact of an access control failure? (multi)
    A. Loss of accountability
    B. Loss of reputation
    C. Disclosure of confidential data
    D. Data tampering
    • A. 

      A, B and C

    • B. 

      A, B and D

    • C. 

      B, C and D

    • D. 

      A, C and D

    • E. 

      All of the above

  • 8. 
    What describes the best practice of "code to the permission"?
    • A. 

      Embed roles in access control code on every individual page

    • B. 

      Verify access to activities for enforcement points in code

    • C. 

      Do function level role checks

    • D. 

      Assign entitlements on a per-user basis only

  • 9. 
    What is the best defense for SQL Injection protection?
    • A. 

      Query Parameterization

    • B. 

      Stored Procedures

    • C. 

      Input Validation

    • D. 

      Access Control Design

  • 10. 
    An ______________ attack occurs when an attacker attempts to execute system level commands through a vulnerable application.
    • A. 

      OS command injection

    • B. 

      Brute Force

    • C. 

      Local Directory Traversal

    • D. 

      DDoS

  • 11. 
    What is the theory behind good password storage?
    • A. 

      Verifiable and reversible

    • B. 

      Not verifiable and not reversible

    • C. 

      Verifiable but not reversible

    • D. 

      Not verifiable and reversible

  • 12. 
    Which of the following will help stop session fixation?
    • A. 

      Allow for support of session identifiers in URLs

    • B. 

      Invalidate session during change password

    • C. 

      At login time, redirect user if session is inactive

    • D. 

      Discard current session and create a new one at login

  • 13. 
    What is Cross-Site Request Forgery?
    • A. 

      When users are tricked into executing authenticated actions

    • B. 

      When attackers steal session data from the network

    • C. 

      When users use weak passwords

    • D. 

      When users are tricked into clicking on a page

  • 14. 
    There are Four Defense Patterns to Stop Cross-Site Request Forgery (CSRF). Which answer below is not one of the four defense patterns?
    • A. 

      Challenge Response

    • B. 

      Synchronizer Token Pattern

    • C. 

      Check Referrer Header

    • D. 

      Output Encoding

  • 15. 
    What is the best way to validate XML for web services?
    • A. 

      Regular Expressions

    • B. 

      XML DTD Validation

    • C. 

      XML Schema Validation

    • D. 

      All of the above

    • E. 

      None of the above

  • 16. 
    How do you ensure a JSON object fits a specific policy for your application?
    • A. 

      JSON-Schema

    • B. 

      JSON Validation API

    • C. 

      JSON Scrubber

    • D. 

      JSON Hyper-Schema
