OWASP Top 10 Quiz With Answers
(123).jpg "OWASP Top 10 Quiz With Answers - Quiz")
Welcome to the OWASP top 10 quiz. The OWASP Top 10 document is a special type of standard awareness document that provides broad consensus information about the most critical security risks to web applications. If you are a web developer, then you must take this 'OWASP top 10' quiz and test your knowledge of this topic. So, are you ready to test your brain skills? Let's start the quiz then. All the best!
- 1.What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
- A.
LDAP Injection
- B.
XML Injection
- C.
SQL Injection
- D.
OS Commanding
- 2.What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?
- A.
Security Misconfiguration
- B.
Cross Site Scripting
- C.
Insecure Direct Object References
- D.
Broken Authentication and Session Management
- 3.What flaw arises from session tokens having poor randomness across a range of values?
- A.
Insecure Direct Object References
- B.
Session Replay
- C.
Session Fixation
- D.
Session Hijacking
- 4.An attack technique that forces a user’s session credential or session ID to an explicit value.
- A.
Brute Force Attack
- B.
Session Hijacking
- C.
Session Fixation
- D.
Dictionary Attack
- 5.An attack technique that forces a user’s session credential or session ID to an explicit value.
- A.
Brute Force Attack
- B.
Session Hijacking
- C.
Dictionary Attack
- D.
Session Fixation
- 6.What threat arises from not flagging HTTP cookies with tokens as secure?
- A.
Session Hijacking
- B.
Insecure Cryptographic Storage
- C.
Access Control Violation
- D.
Session Replay
- 7.Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?
- A.
SQL Injection
- B.
Cross site scripting
- C.
Malware Uploading
- D.
Man in the middle
- 8.What flaw can lead to exposure of resources or functionality to unintended actors?
- A.
Session Fixation
- B.
Improper Authentication
- C.
Insecure Cryptographic Storage
- D.
Unvalidated Redirects and Forwards
- 9.Which threat can be prevented by having unique usernames generated with a high degree of entropy?
- A.
Crypt-analysis of hash values
- B.
Spamming
- C.
Authorization Bypass
- D.
Authentication bypass
- 10.What threat are you vulnerable to if you do not validate the authorization of the user for direct references to restricted resources?
- A.
SQL Injection
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Insecure Direct Object References
- 11.Role-Based Access control helps prevent this OWASP Top 10 weakness.
- A.
Failure to restrict URL Access
- B.
Unvalidated Redirect or Forward
- C.
Security Misconfiguration
- D.
Insufficient Transport Layer Protection
- 12.What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
- A.
Insecure Direct Object References
- B.
Injection
- C.
Cross Site Request Forgery
- D.
Insufficient Transport Layer Protection
- 13.For every link or form which invokes state-changing functions with an unpredictable token for each user what attack can be prevented?
- A.
OS Commanding
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Cross Site Tracing
- 14.For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
- A.
Session Replay
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Session Hijacking
- 15.The attack exploits the trust that a site has in a user's browser.
- A.
Session Hijacking
- B.
Cross Site Request Forgery
- C.
SQL Injection
- D.
Cross Site Scripting
- 16.For an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
- A.
SQL Injection
- B.
Brute Forcing of stored encrypted credentials
- C.
XML Injection
- D.
Access to sensitive data possible
- 17.We can allow client-side scripts to execute in the browsers for needed operations.
- A.
True
- B.
False
- 18.Session related vulnerabilities.
- A.
Session Fixation
- B.
Session Hijacking
- C.
Session Tracing
- D.
Session Spotting
- E.
Session Spoofing
- 19.What is phishing?
- A.
Data transfer protocol
- B.
Email Scam
- C.
Network scandal
- D.
Cross domain scandal
- 20.What is a cookie?
- A.
A computer virus
- B.
A file that makes it easier to access a Web site and browse.
- C.
A file that hackers use to steal your identity.
- D.
Web application file
- 21.You receive an e-mail from Desjardins saying that you have won a contest. What should you do?
- A.
Hurry to provide all the information so you can claim your prize as quickly as possible.
- B.
Contact your caisse to confirm the information.
- C.
Answer the e-mail and ask them to call you with more information.
- D.
Forward the mail to others for their opinion.
- 22.An IP Address is the Internet equivalent of:
- A.
Your mailing address
- B.
Your Birth Date
- C.
Your modem configuration number
- D.
Your social security number
- 23.Statistics show that many companies connected to the Internet are not sufficiently secure. Why not?
- A.
Many companies do not have a written security policy in place.
- B.
Many companies do not have physical security for the company networks
- C.
Many companies have insufficient protection between the Internet and company networks.
- D.
Many companies have insufficient information about the traffic over the company networks.
- 24.The use of proper security techniques can:
- A.
Minimize the threat of attackers
- B.
Allow access to unauthorized users
- C.
Prevent most hackers from accessing your system.
- D.
Provide 100 percent security
- 25.Network permissions should be established so that users can accomplish their tasks, but cannot access any system resources that are not necessary so that:
- A.
A hacker cannot steal a legitimate user's identity.
- B.
Users will not have access to and misuse system resources.
- C.
Only the resources authorized for that user will be at risk.
- D.
Hackers will not pose as legitimate users.
Back to top