Trivia Quiz: How Well Do You Know About Cryptography And Network Security?
How Well Do You Know About Cryptography And Network? The internet is a very risky place to store your data as it can be easily accessible to people who want to use it against you. Do you encrypt your data that only those allowed can view it? Take this quiz and see if your information is actually safe. All the best!
- 1.
Below are the properties of a Good Cryptosystem. EXCEPT;
- A.
The ciphertext must be indistinguishable from true random values.
- B.
Enumerating all possible keys must be infeasible.
- C.
Produce plaintext from ciphertext without the key
- D.
There should be no way short of enumerating all possible keys to find the key from any reasonable amount of ciphertext and plaintext, nor any way to produce plaintext from ciphertext without the key.
Correct Answer
C. Produce plaintext from ciphertext without the keyExplanation
The given answer "Produce plaintext from ciphertext without the key" is the correct answer because it goes against one of the properties of a good cryptosystem. A good cryptosystem should not allow anyone to produce plaintext from ciphertext without the key. This property ensures the confidentiality of the encrypted data and prevents unauthorized access to the original message.Rate this question:
-
- 2.
What type of algorithm is used to ensure file integrity?
- A.
Stream Ciphers
- B.
Session Tokens
- C.
Symmetric Key Algorithms
- D.
Hash Function
Correct Answer
D. Hash FunctionExplanation
A hash function is used to ensure file integrity by generating a unique hash value for a file. This hash value acts as a digital fingerprint for the file, and any changes made to the file will result in a different hash value. By comparing the original hash value with the recalculated hash value, one can determine if the file has been tampered with or corrupted. Therefore, a hash function is an essential tool in ensuring the integrity and authenticity of files.Rate this question:
-
- 3.
There are three known types of XSS flaws: ___________, __________, and _____________.
- A.
Stored, reflected and DOM Based XSS
- B.
Saved, deleted and DAM Based XSS
- C.
Reserved, released and DOM Based SQL
- D.
Compiled, decompiled and DOM Based SQL
Correct Answer
A. Stored, reflected and DOM Based XSSExplanation
The correct answer is "stored, reflected and DOM Based XSS." XSS stands for Cross-Site Scripting, which is a type of security vulnerability in web applications. Stored XSS occurs when malicious code is permanently stored on a target website and executed whenever a user accesses the affected page. Reflected XSS involves injecting malicious code into a URL, which is then reflected back to the user and executed. DOM Based XSS exploits vulnerabilities in the Document Object Model (DOM) of a web page to inject and execute malicious code.Rate this question:
-
- 4.
________________is the process of examining a user submitted HTML document fragment and producing a new HTML document that preserves only whatever tags are designated "safe".
- A.
HTML Encoding
- B.
HTML sanitization
- C.
URL Encoding
- D.
URL sanitization
Correct Answer
B. HTML sanitizationExplanation
HTML sanitization is the process of examining a user-submitted HTML document fragment and producing a new HTML document that preserves only whatever tags are designated "safe". This means that any potentially harmful or malicious code is removed or neutralized, ensuring that the resulting HTML document is safe to display and cannot execute any harmful actions.Rate this question:
-
- 5.
Input validation should be based on...
- A.
Whitelisting
- B.
Blacklisting
- C.
Authorization
- D.
Authentication
Correct Answer
A. WhitelistingExplanation
Input validation should be based on whitelisting because it is a security measure that allows only pre-approved or trusted inputs to be accepted, while rejecting all others. This approach ensures that only known and safe inputs are processed, reducing the risk of malicious or unexpected inputs causing harm or compromising the system. Whitelisting is considered more secure than blacklisting, which involves specifying what inputs to reject, as it is easier to overlook potential threats when trying to identify and block all possible malicious inputs. Authorization and authentication are related to access control and user identification, but they are not directly related to input validation.Rate this question:
-
- 6.
An e-commerce shopping site uses hidden fields to refer to its items, as follows: <input type=”hidden” id=”1008” name=”cost” value=”70.00”> In the above example, what is true?
- A.
User will not notice it as this is hidden field, so don't need to worry about the value being changed.
- B.
Since client validation is done, server validation is not needed.
- C.
“value” can be modified to lower its cost.
Correct Answer
C. “value” can be modified to lower its cost.Explanation
The given answer is correct because hidden fields are not visible to the user and can be easily modified by manipulating the HTML code. In this case, the "value" attribute of the hidden field can be changed to a lower cost, allowing the user to potentially purchase the item at a discounted price.Rate this question:
-
- 7.
What is the impact of an access control failure? (multi) A. Loss of accountability B. Loss of reputation C. Disclosure of confidential data D. Data tampering
- A.
A, B and C
- B.
A, B and D
- C.
B, C and D
- D.
A, C and D
- E.
All of above
Correct Answer
E. All of aboveExplanation
An access control failure can have multiple impacts, including loss of accountability, loss of reputation, disclosure of confidential data, and data tampering. When access controls fail, it becomes difficult to track and assign responsibility for actions taken within a system, leading to a loss of accountability. This can damage the reputation of the organization or system involved, resulting in a loss of trust from customers or stakeholders. Additionally, access control failures can lead to the unauthorized disclosure of confidential data, compromising privacy and potentially causing harm. Lastly, data tampering can occur when access controls are not properly enforced, allowing unauthorized individuals to modify or manipulate data, leading to potential misinformation or malicious activities.Rate this question:
-
- 8.
What describes the best practice of "code to the permission"?
- A.
Embed roles in access control code on every individual page
- B.
Verify access to activities for enforcement points in code
- C.
Do function level role checks
- D.
Assign entitlements on a per-user basis only
Correct Answer
B. Verify access to activities for enforcement points in codeExplanation
"Code to the permission" refers to the practice of verifying access to activities for enforcement points in the code. This means that the code should include checks to ensure that only authorized users have access to certain activities or functionalities. By embedding these checks in the code, it helps to enforce proper access control and prevent unauthorized actions. This practice ensures that permissions are properly implemented and enforced at the code level.Rate this question:
-
- 9.
What is the best defense for SQL Injection protection?
- A.
Query Parameterization
- B.
Stored Procedures
- C.
Input Validating
- D.
Access Control Design
Correct Answer
A. Query ParameterizationExplanation
Query parameterization is the best defense for SQL Injection protection because it involves using parameterized queries, which allow the database engine to distinguish between code and data. This prevents malicious SQL code from being injected into the query by treating user input as data rather than executable code. By parameterizing queries, it becomes much more difficult for attackers to manipulate the query structure and execute unauthorized commands. This approach helps to ensure the security and integrity of the database by effectively mitigating the risk of SQL Injection attacks.Rate this question:
-
- 10.
An ______________ attack occurs when an attacker attempts to execute system level commands through a vulnerable application.
- A.
OS command injection
- B.
Brute Force
- C.
Local Directory Traversal
- D.
DDos
Correct Answer
A. OS command injectionExplanation
OS command injection occurs when an attacker tries to execute system level commands through a vulnerable application. This type of attack takes advantage of the application's insufficient input validation, allowing the attacker to inject malicious commands that can be executed by the underlying operating system. This can lead to unauthorized access, data leakage, or even complete control over the targeted system.Rate this question:
-
- 11.
What is the theory behind good password storage?
- A.
Verifiable and reversible
- B.
Not verifiable and not reversible
- C.
Verifiable but not reversible
- D.
Not verifiable and reversible
Correct Answer
C. Verifiable but not reversibleExplanation
The theory behind good password storage is that passwords should be verifiable but not reversible. This means that the system should be able to verify if a user enters the correct password, but it should not be able to retrieve the original password from the stored data. This is important for security purposes, as it ensures that even if the stored password data is compromised, the attacker cannot easily access the actual passwords.Rate this question:
-
- 12.
Which of the following will help stop session fixation?
- A.
Allow for support of session identifiers in URL’s
- B.
Invalidate session during change password
- C.
At login time, redirect user if session is inactive
- D.
Discard current session and create a new on at login
Correct Answer
D. Discard current session and create a new on at loginExplanation
Discarding the current session and creating a new one at login helps stop session fixation. This is because session fixation is an attack where an attacker fixes or sets the session ID of a user before they authenticate. By discarding the current session and creating a new one at login, the attacker's fixed session ID becomes invalid, preventing them from accessing the user's session. This helps protect the user's session from unauthorized access and ensures a more secure login process.Rate this question:
-
- 13.
What is Cross-Site Request Forgery?
- A.
When users are tricked into executing authenticated actions
- B.
When attackers steal session data from the network
- C.
When users use weak passwords
- D.
When users are tricked into clicking on a page
Correct Answer
A. When users are tricked into executing authenticated actionsExplanation
Cross-Site Request Forgery (CSRF) occurs when users are tricked into unknowingly performing actions on a website that they are authenticated on. This can happen by exploiting the trust between the user and the website, where the attacker tricks the user into clicking on a malicious link or visiting a compromised webpage. By doing so, the attacker can perform actions on behalf of the user without their consent or knowledge, potentially leading to unauthorized changes or data theft.Rate this question:
-
- 14.
There are Four Defense Patterns to Stop Cross-Site Request Forgery (CSRF). Which answer below is not one of the four defense patterns?
- A.
Challenge Response
- B.
Synchronizer Token Pattern
- C.
Check Referrer Header
- D.
Output Encoding
Correct Answer
D. Output EncodingExplanation
Output Encoding is not one of the four defense patterns to stop Cross-Site Request Forgery (CSRF). The other three defense patterns mentioned, namely Challenge Response, Synchronizer Token Pattern, and Check Referrer Header, are commonly used techniques to prevent CSRF attacks. Output Encoding, on the other hand, is a technique used to prevent other types of vulnerabilities, such as Cross-Site Scripting (XSS), by encoding user input before it is displayed on a web page.Rate this question:
-
- 15.
Name the best way to validate XML for web services?
- A.
Regular Expressions
- B.
XML DTD Validation
- C.
XML Schema Validation
- D.
All of the above
- E.
None of the above
Correct Answer
C. XML Schema ValidationExplanation
XML Schema Validation is the best way to validate XML for web services. XML Schema is a language used to define the structure and data types of XML documents. It provides a set of rules that the XML document must follow in order to be considered valid. By validating XML against an XML Schema, we can ensure that the XML document conforms to the specified structure and data types, making it suitable for use in web services. Regular Expressions and XML DTD Validation are not specifically designed for XML validation in the same way as XML Schema Validation, making them less suitable options.Rate this question:
-
- 16.
How do you ensure a JSON object fits a specific policy for your application?
- A.
JSON-Schema
- B.
JSON Validation API
- C.
JSON Scrubber
- D.
JSON Hyper-Schema
Correct Answer
A. JSON-SchemaExplanation
JSON-Schema is a tool that allows you to define a specific policy for your JSON object. It provides a way to validate and enforce the structure, data types, and constraints of the JSON object. By using JSON-Schema, you can ensure that the JSON object adheres to the required format and rules set by your application. This helps in maintaining data integrity and preventing any unexpected errors or issues while working with the JSON object.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
Mar 19, 2015Quiz Created by
Drew_daniels
Back to top