Dfw6013 Security Web Programming

By Mohd Amirul

SECURITY IN WEB PROGRAMMING covers Web safety and browser vulnerabilities, privacy concerns, issues with Java, JavaScript, ActiveX, and all things Web and security related. Various protocols and approaches to providing web services in as secure a manner as possible will be investigated, including digital certificates, SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API.
INSTRUCTION: This section consists of TEN (10) objective questions.


Questions and Answers
  • 1. 

    Identify which THREE (3) of the following threats are email-based. i. spam ii. attachment-based attacks iii. email address spoofing iv. insufficient user authentication

    • A.

      i, ii & iii

    • B.

      ii, iii & iv

    • C.

      i, iii & iv

    • D.

      i, ii & iv

    Correct Answer
    A. i, ii & iii
    Explanation
    The correct answer is i, ii & iii. Spam, attachment-based attacks, and email address spoofing are all threats that can originate from email. Spam refers to unsolicited bulk emails that can contain malicious links or attachments. Attachment-based attacks involve sending malicious files or documents via email to exploit vulnerabilities in the recipient's system. Email address spoofing is when an attacker disguises their email address to make it appear as if it is coming from a trusted source, often to trick the recipient into revealing sensitive information or downloading malware.


  • 2. 

    Identify the reason HTTPS traffic can make security monitoring difficult.

    • A.

      Encryption

    • B.

      Large packet header

    • C.

      Signature detection takes longer

    • D.

      SSL interception

    Correct Answer
    B. Large packet header
    Explanation
    HTTPS traffic can make security monitoring difficult due to the large packet header. The packet header contains information about the source and destination of the data, as well as other details necessary for the proper transmission of the data. In the case of HTTPS, the packet header is larger than in regular HTTP traffic because it includes additional information related to the encryption and decryption process. This larger header size can make it more challenging for security monitoring tools to analyze and inspect the traffic effectively, potentially hindering their ability to detect and mitigate security threats.


  • 3. 

    Identify which of the following would meet the requirements for multifactor authentication.

    • A.

      Username, PIN and employee ID number

    • B.

      Fingerprint and Password

    • C.

      Smart card and hardware token

    • D.

      Voice recognition and retina scan

    Correct Answer
    B. Fingerprint and Password
    Explanation
    The combination of fingerprint and password meets the requirements for multifactor authentication because it combines something the user is (fingerprint) with something the user knows (password). This adds an extra layer of security as it requires both biometric data and a unique password for the user to authenticate their identity.


  • 4. 

    Choose which of the following statements about system vulnerabilities are TRUE. i. A vulnerability is a threat on a system. ii. A vulnerability is an exploitable weakness in a system or its design. iii. Vulnerabilities can be found in protocols, operating systems, applications, hardware and system design. iv. Vulnerabilities are exploits that are discovered every day in software and hardware products.

    • A.

      i & ii

    • B.

      ii & iii

    • C.

      ii & iv

    • D.

      iii & iv

    Correct Answer
    B. ii & iii
    Explanation
    The correct answer is ii & iii. This is because statement ii states that a vulnerability is an exploitable weakness in a system or its design, which is true. Statement iii states that vulnerabilities can be found in protocols, operating system, application, hardware, and system design, which is also true. Therefore, both statements ii and iii are true about system vulnerabilities.


  • 5. 

    Identify which of the following is the LEAST secure hashing algorithm.

    • A.

      SHA1

    • B.

      RIPEMD

    • C.

      MD5

    • D.

      DES

    Correct Answer
    C. MD5
    Explanation
    MD5 is the least secure hashing algorithm among the options given. MD5 is a widely used algorithm, but it is considered to be weak and vulnerable to various attacks. It has been proven to have collision vulnerabilities, where two different inputs can produce the same hash value. This makes it easier for attackers to manipulate data and create malicious files with the same hash as legitimate ones. In contrast, SHA1, RIPEMD, and DES are more secure and have fewer vulnerabilities compared to MD5.


  • 6. 

    Choose the TCP port that SSL/TLS uses for HTTPS communication.

    • A.

      TCP 563

    • B.

      TCP 626

    • C.

      TCP 80

    • D.

      TCP 443

    Correct Answer
    D. TCP 443
    Explanation
    HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL/TLS encryption to protect the communication between a client and a server. SSL/TLS uses TCP (Transmission Control Protocol) as the underlying transport protocol. TCP port 443 is the designated port for HTTPS communication, allowing secure and encrypted data transfer between the client and the server.


  • 7. 

    Choose the countermeasures that can reduce the threat of Cross-Site Request Forgery (CSRF). i. Educate users to recognize possible phishing attacks. ii. Deny access to the public internet from workstations and laptops. iii. Visit the OWASP.org website for up-to-date information and guidance on developing web content. iv. Implement a proxy server solution for users that access the internet.

    • A.

      i & ii

    • B.

      i & iii

    • C.

      ii & iii

    • D.

      iii & iv

    Correct Answer
    D. iii & iv
    Explanation
    The countermeasures that can reduce the threat of Cross-Site Request Forgery (CSRF) are visiting the OWASP.org website for up-to-date information and guidance on developing web content, and implementing a proxy server solution for users who access the internet. By regularly checking the OWASP website, developers can stay informed about the latest security vulnerabilities and best practices to prevent CSRF attacks. Implementing a proxy server can help filter and monitor incoming and outgoing web requests, adding an extra layer of protection against CSRF attacks.


  • 8. 

    Identify the option that can lead to an SQL injection attack.

    • A.

      Insufficient user input validation

    • B.

      Running a database in debugging mode

    • C.

      Using GET method instead of POST method when submitting a web form

    • D.

      Using * in a SELECT statement

    Correct Answer
    A. Insufficient user input validation
    Explanation
    Insufficient user input validation can lead to an SQL injection attack. This means that the system does not properly validate or sanitize user input, allowing malicious SQL code to be injected into the query. This can give attackers unauthorized access to the database and potentially manipulate or retrieve sensitive information. It is important to implement proper input validation and parameterized queries to prevent SQL injection attacks.
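    As an added illustration of this explanation (example code written for this page, not part of the original quiz), the lookup below is shown twice: once built by string concatenation, where user input becomes part of the SQL text, and once with a driver placeholder, where the same input is only ever data. The `users` table and its rows are constructed sample data; `is_valid_username` is an assumed allow-list check that complements, but does not replace, parameterization.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample database for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("o'hara", "staff")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The value is spliced into the SQL text, so a quote in the input
    # changes the structure of the statement: a legitimate name such as
    # o'hara breaks the query, and crafted input can widen the WHERE clause.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    # The placeholder is bound by the driver; the input never reaches the
    # SQL parser, so quotes and operators inside it have no special meaning.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def is_valid_username(name):
    # Assumed allow-list validation (letters, digits, underscore, 1-32 chars).
    # Useful as defence in depth, but it also rejects real names like o'hara,
    # which is why parameterized queries remain the primary control.
    return 1 <= len(name) <= 32 and all(c.isalnum() or c == "_" for c in name)
```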


  • 9. 

    A web server, which is configured to use TLS with AES-GCM-256, SHA-384 and ECDSA, recently suffered an information loss breach. Choose which of the following is MOST likely the cause.

    • A.

      Insufficient key bit length

    • B.

      Weak cipher suite

    • C.

      Unauthenticated encryption method

    • D.

      Poor implementation

    Correct Answer
    D. Poor implementation
    Explanation
    The correct answer is "Poor implementation." This means that the web server's configuration and setup were not properly implemented, leading to the information loss breach. It suggests that there may have been flaws or mistakes in the way the server was set up, which allowed for the breach to occur. It is not related to the other options such as insufficient key bit length, weak cipher suite, or unauthenticated encryption method.


  • 10. 

    During a routine vulnerability assessment, the following command was successful: "echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25". Choose which of the following vulnerabilities is being exploited.

    • A.

      Buffer overflow directed at a specific host MTA

    • B.

      SQL injection directed at a web server

    • C.

      Cross-site scripting directed at www.company.com

    • D.

      Race condition in a UNIX shell script

    Correct Answer
    A. Buffer overflow directed at a specific host MTA
    Explanation
    The successful execution of the command "echo 'vrfy 'perl -e 'print "hi" x 500 ' ' ' | nc www.company.com 25" suggests that a buffer overflow vulnerability is being exploited. This is indicated by the use of the "print" function in Perl to generate a large amount of data (in this case, the string "hi" repeated 500 times) and sending it to the specified host MTA (Mail Transfer Agent) using the netcat (nc) command. The intention is to overflow the buffer in the MTA and potentially execute malicious code or gain unauthorized access.

