OWASP Top 10

26 Questions


Basic questions that test a candidate's knowledge of the OWASP guidelines.


Questions and Answers
  • 1. What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
    • A. LDAP Injection
    • B. XML Injection
    • C. SQL Injection
    • D. OS Commanding

  • 2. What happens when an application takes user-supplied data and sends it to a web browser without proper validation and escaping?
    • A. Security Misconfiguration
    • B. Cross Site Scripting
    • C. Insecure Direct Object References
    • D. Broken Authentication and Session Management

  • 3. What flaw arises from session tokens having poor randomness across a range of values?
    • A. Insecure Direct Object References
    • B. Session Replay
    • C. Session Fixation
    • D. Session Hijacking

  • 4. An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. Brute Force Attack
    • B. Session Hijacking
    • C. Session Fixation
    • D. Dictionary Attack

  • 5. An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. Brute Force Attack
    • B. Session Hijacking
    • C. Dictionary Attack
    • D. Session Fixation

  • 6. What threat arises from not flagging HTTP cookies with tokens as secure?
    • A. Session Hijacking
    • B. Insecure Cryptographic Storage
    • C. Access Control Violation
    • D. Session Replay

  • 7. Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
    • A. SQL Injection
    • B. Cross site scripting
    • C. Malware Uploading
    • D. Man in the middle

  • 8. What flaw can lead to exposure of resources or functionality to unintended actors?
    • A. Session Fixation
    • B. Improper Authentication
    • C. Insecure Cryptographic Storage
    • D. Unvalidated Redirects and Forwards

  • 9. 
    • A. Crypt-analysis of hash values
    • B. Spamming
    • C. Authorization Bypass
    • D. Authentication bypass

  • 10. 
    • A. SQL Injection
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Insecure Direct Object References

  • 11. Role-based access control helps prevent which OWASP Top 10 weakness?
    • A. Failure to restrict URL Access
    • B. Unvalidated Redirect or Forward
    • C. Security Misconfiguration
    • D. Insufficient Transport Layer Protection

  • 12. What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
    • A. Insecure Direct Object References
    • B. Injection
    • C. Cross Site Request Forgery
    • D. Insufficient Transport Layer Protection

  • 13. If every link or form that invokes a state-changing function carries an unpredictable token for each user, what attack can be prevented?
    • A. OS Commanding
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Cross Site Tracing

  • 14. For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
    • A. Session Replay
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Session Hijacking

  • 15. Attack that exploits the trust that a site has in a user's browser
    • A. Session Hijacking
    • B. Cross Site Request Forgery
    • C. SQL Injection
    • D. Cross Site Scripting

  • 16. For an indirect reference, what happens if there is no limited list of values authorized for a user in the direct reference?
    • A. SQL Injection
    • B. Brute Forcing of stored encrypted credentials
    • C. XML Injection
    • D. Access to sensitive data possible

  • 17. We can allow client-side scripts to execute in the browser for needed operations.
    • A. True
    • B. False

  • 18. Session-related vulnerabilities
    • A. Session Fixation
    • B. Session Hijacking
    • C. Session Tracing
    • D. Session Spotting
    • E. Session Spoofing

  • 19. What is phishing?
    • A. Data transfer protocol
    • B. Email Scam
    • C. Network scandal
    • D. Cross domain scandal

  • 20. What is a cookie?
    • A. A computer virus
    • B. A file that makes it easier to access a Web site and browse
    • C. A file that hackers use to steal your identity
    • D. Web application file

  • 21. 
    • A. Hurry to provide all the information so you can claim your prize as quickly as possible
    • B. Contact your caisse to confirm the information
    • C. Answer the e-mail and ask them to call you with more information.
    • D. Forward the mail to others for their opinion.

  • 22. An IP Address is the Internet equivalent of
    • A. Your mailing address
    • B. Your Birth Date
    • C. Your modem configuration number
    • D. Your social security number

  • 23. 
    • A. Many companies do not have a written security policy in place.
    • B. Many companies do not have physical security for the company networks
    • C. Many companies have insufficient protection between the Internet and company networks.
    • D. Many companies have insufficient information about the traffic over the company networks.

  • 24. The use of proper security techniques can
    • A. Minimize the threat of attackers
    • B. Allow access to unauthorized users
    • C. Prevent most hackers from accessing your system
    • D. Provide 100 percent security

  • 25. 
    • A. A hacker cannot steal a legitimate user's identity
    • B. Users will not have access to and misuse system resources
    • C. Only the resources authorized for that user will be at risk
    • D. Hackers will not pose as legitimate users

  • 26. 
    • A. Difficult to use, so that prevents access
    • B. Highly secure, easy to use, flexible, and scalable
    • C. One that provides comprehensive alarming and reporting
    • D. Capable of ensuring that there is no hacker activity