Owasp Top 10
Settings
-
+
Basic questions which tests the candidate knowledge on OWASP guidelines.
- 1.What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
- A.
LDAP Injection
- B.
XML Injection
- C.
SQL Injection
- D.
OS Commanding
- 2.What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?
- A.
Security Misconfiguration
- B.
Cross Site Scripting
- C.
Insecure Direct Object References
- D.
Broken Authentication and Session Management
- 3.What flaw arises from session tokens having poor randomness across a range of values?
- A.
Insecure Direct Object References
- B.
Session Replay
- C.
Session Fixation
- D.
Session Hijacking
- 4.An attack technique that forces a user’s session credential or session ID to an explicit value.
- A.
Brute Force Attack
- B.
Session Hijacking
- C.
Session Fixation
- D.
Dictionary Attack
- 5.An attack technique that forces a user’s session credential or session ID to an explicit value.
- A.
Brute Force Attack
- B.
Session Hijacking
- C.
Dictionary Attack
- D.
Session Fixation
- 6.What threat arises from not flagging HTTP cookies with tokens as secure?
- A.
Session Hijacking
- B.
Insecure Cryptographic Storage
- C.
Access Control Violation
- D.
Session Replay
- 7.Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites.
- A.
SQL Injection
- B.
Cross site scripting
- C.
Malware Uploading
- D.
Man in the middle
- 8.What flaw can lead to exposure of resources or functionality to unintended actors?
- A.
Session Fixation
- B.
Improper Authentication
- C.
Insecure Cryptographic Storage
- D.
Unvalidated Redirects and Forwards
- 9.
- A.
Crypt-analysis of hash values
- B.
Spamming
- C.
Authorization Bypass
- D.
Authentication bypass
- 10.
- A.
SQL Injection
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Insecure Direct Object References
- 11.Role-Based Access control helps prevent this OWASP Top 10 weakness
- A.
Failure to restrict URL Access
- B.
Unvalidated Redirect or Forward
- C.
Security Misconfiguration
- D.
Insufficient Transport Layer Protection
- 12.What is the type of flaw that occurs when untrusted user entered data is sent to the interpreter as part of a query or command?
- A.
Insecure Direct Object References
- B.
Injection
- C.
Cross Site Request Forgery
- D.
Insufficient Transport Layer Protection
- 13.For every link or form which invoke state-changing functions with an unpredictable token for each user what attack can be prevented?
- A.
OS Commanding
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Cross Site Tracing
- 14.For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
- A.
Session Replay
- B.
Cross Site Scripting
- C.
Cross Site Request Forgery
- D.
Session Hijacking
- 15.Attack that exploits the trust that a site has in a user's browser
- A.
Session Hijacking
- B.
Cross Site Request Forgery
- C.
SQL Injection
- D.
Cross Site Scripting
- 16.For an an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
- A.
SQL Injection
- B.
Brute Forcing of stored encrypted credentials
- C.
XML Injection
- D.
Access to sensitive data possible
- 17.We can allow client side scripts to execute in the browsers for needed operations.
- A.
True
- B.
False
- 18.Session related vulnerabilities
- A.
Session Fixation
- B.
Session Hijacking
- C.
Session Tracing
- D.
Session Spotting
- E.
Session Spoofing
- 19.What is phishing?
- A.
Data transfer protocol
- B.
Email Scam
- C.
Network scandal
- D.
Cross domain scandal
- 20.What is a cookie
- A.
A computer virus
- B.
A file that makes it easier to access a Web site and browse
- C.
A file that hackers use to steal your identity
- D.
Web application file
- 21.
- A.
Hurry to provide all the information so you can claim your prize as quickly as possible
- B.
Contact your caisse to confirm the information
- C.
Answer the e-mail and ask them to call you with more information.
- D.
Forward the mail to others for their opinion.
- 22.An IP Address is the Internet equivalent of
- A.
Your mailing address
- B.
Your Birth Date
- C.
Your modem configuration number
- D.
Your social security number
- 23.
- A.
Many companies do not have a written security policy in place.
- B.
Many companies do not have physical security for the company networks
- C.
Many companies have insufficient protection between the Internet and company networks.
- D.
Many companies have insufficient information about the traffic over the company networks.
- 24.The use of proper security techniques can
- A.
Minimize the threat of attackers
- B.
Allow access to unauthorized users
- C.
Prevent most hackers from accessing your system
- D.
Provide 100 percent security
- 25.
- A.
A hacker cannot steal a legitimate user's identity
- B.
Users will not have access to and misuse system resources
- C.
Only the resources authorized for that user will be at risk
- D.
Hackers will not pose as legitimate users
- 26.
- A.
Difficult to use, so that prevents access
- B.
Highly secure, easy to use, flexible, and scalable
- C.
One that provides comprehensive alarming and reporting
- D.
Capable of ensuring that there is no hacker activity
Back to top