Dfw6013 Security Web Programming


SECURITY IN WEB PROGRAMMING covers Web safety and browser vulnerabilities, privacy concerns, issues with Java, JavaScript, and ActiveX, and all things Web and security related. Various protocols and approaches for providing web services in as secure a manner as possible will be investigated, including digital certificates, SSL (Secure Sockets Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API.

INSTRUCTION: This section consists of TEN (10) objective questions.


Questions and Answers
  • 1. 
    Identify which THREE (3) threats are email-based.
      i. spam
      ii. attachment-based attacks
      iii. email address spoofing
      iv. insufficient user authentication
    • A. 

      i, ii & iii

    • B. 

      ii, iii & iv

    • C. 

      i, iii & iv

    • D. 

      i, ii & iv

  • 2. 
    Identify the reason HTTPS traffic can make security monitoring difficult.
    • A. 

      Encryption

    • B. 

      Large packet header  

    • C. 

      Signature detection takes longer

    • D. 

      SSL interception

  • 3. 
    Identify which of the following would meet the requirements for multifactor authentication.
    • A. 

      Username, PIN and employee ID number

    • B. 

      Fingerprint and Password

    • C. 

      Smart card and hardware token

    • D. 

      Voice recognition and retina scan

  • 4. 
    Choose the TRUE statements about system vulnerabilities.
      i. A vulnerability is a threat on a system.
      ii. A vulnerability is an exploitable weakness in a system or its design.
      iii. Vulnerabilities can be found in protocols, operating systems, applications, hardware and system design.
      iv. Vulnerabilities are exploits that are discovered every day in software and hardware products.
    • A. 

      i & ii

    • B. 

      ii & iii

    • C. 

      ii & iv

    • D. 

      iii & iv

  • 5. 
    Identify which of the following is the LEAST secure hashing algorithm.
    • A. 

      SHA1

    • B. 

      RIPEMD

    • C. 

      MD5

    • D. 

      DES

  • 6. 
    Choose the TCP port that SSL/TLS uses for HTTPS communication.
    • A. 

      TCP 563

    • B. 

      TCP 626

    • C. 

      TCP 80

    • D. 

      TCP 443

  • 7. 
    Choose the countermeasures that can reduce the threat of Cross-Site Request Forgery (CSRF).
      i. Educate users to recognize possible phishing attacks.
      ii. Deny access to the public internet from workstations and laptops.
      iii. Visit the OWASP.org website for up-to-date information and guidance on developing web content.
      iv. Implement a proxy server solution for users that access the internet.
    • A. 

      i & ii

    • B. 

      i & iii

    • C. 

      ii & iii

    • D. 

      iii & iv

  • 8. 
    Identify the option that can lead to an SQL injection attack.
    • A. 

      Insufficient user input validation

    • B. 

      Running a database in debugging mode

    • C. 

      Using GET method instead of POST method when submitting a web form

    • D. 

      Using * in a SELECT statement

  • 9. 
    A web server, which is configured to use TLS with AES-GCM-256, SHA-384 and ECDSA, recently suffered an information loss breach. Choose which of the following is MOST likely the cause.
    • A. 

      Insufficient key bit length

    • B. 

      Weak cipher suite

    • C. 

      Unauthenticated encryption method

    • D. 

      Poor implementation

  • 10. 
    During a routine vulnerability assessment, the following command was successful:
      echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25
    Choose which of the following vulnerabilities is being exploited.
    • A. 

      Buffer overflow directed at a specific host MTA

    • B. 

      SQL injection directed at a web server

    • C. 

      Cross-site scripting directed at www.company.com

    • D. 

      Race condition in a UNIX shell script
