OWASP Top 10 Quiz: Trivia!

26 Questions | Total Attempts: 9361

Questions and Answers
  • 1. What is the attack technique used to exploit websites by altering backend database queries through manipulated input?
    • A. LDAP Injection
    • B. XML Injection
    • C. SQL Injection
    • D. OS Commanding

  • 2. What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?
    • A. Security Misconfiguration
    • B. Cross Site Scripting
    • C. Insecure Direct Object References
    • D. Broken Authentication and Session Management

  • 3. What flaw arises from session tokens having poor randomness across a range of values?
    • A. Insecure Direct Object References
    • B. Session Replay
    • C. Session Fixation
    • D. Session Hijacking

  • 4. An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. Brute Force Attack
    • B. Session Hijacking
    • C. Session Fixation
    • D. Dictionary Attack

  • 5. An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. Brute Force Attack
    • B. Session Hijacking
    • C. Dictionary Attack
    • D. Session Fixation

  • 6. What threat arises from not flagging HTTP cookies that carry session tokens as Secure?
    • A. Session Hijacking
    • B. Insecure Cryptographic Storage
    • C. Access Control Violation
    • D. Session Replay

  • 7. Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?
    • A. SQL Injection
    • B. Cross Site Scripting
    • C. Malware Uploading
    • D. Man in the Middle

  • 8. What flaw can lead to exposure of resources or functionality to unintended actors?
    • A. Session Fixation
    • B. Improper Authentication
    • C. Insecure Cryptographic Storage
    • D. Unvalidated Redirects and Forwards

  • 9. 
    • A. Cryptanalysis of hash values
    • B. Spamming
    • C. Authorization Bypass
    • D. Authentication Bypass

  • 10. 
    • A. SQL Injection
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Insecure Direct Object References

  • 11. Role-Based Access Control helps prevent this OWASP Top 10 weakness.
    • A. Failure to Restrict URL Access
    • B. Unvalidated Redirect or Forward
    • C. Security Misconfiguration
    • D. Insufficient Transport Layer Protection

  • 12. What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
    • A. Insecure Direct Object References
    • B. Injection
    • C. Cross Site Request Forgery
    • D. Insufficient Transport Layer Protection

  • 13. If every link or form that invokes a state-changing function carries an unpredictable token for each user, what attack can be prevented?
    • A. OS Commanding
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Cross Site Tracing

  • 14. For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
    • A. Session Replay
    • B. Cross Site Scripting
    • C. Cross Site Request Forgery
    • D. Session Hijacking

  • 15. The attack exploits the trust that a site has in a user's browser.
    • A. Session Hijacking
    • B. Cross Site Request Forgery
    • C. SQL Injection
    • D. Cross Site Scripting

  • 16. When an indirect reference is used, what happens if there is no limited list of values that the user is authorized to map to in the direct reference?
    • A. SQL Injection
    • B. Brute Forcing of stored encrypted credentials
    • C. XML Injection
    • D. Access to sensitive data possible

  • 17. We can allow client-side scripts to execute in the browser for needed operations.
    • A. True
    • B. False

  • 18. Session-related vulnerabilities.
    • A. Session Fixation
    • B. Session Hijacking
    • C. Session Tracing
    • D. Session Spotting
    • E. Session Spoofing

  • 19. What is phishing?
    • A. Data transfer protocol
    • B. Email Scam
    • C. Network scandal
    • D. Cross domain scandal

  • 20. What is a cookie?
    • A. A computer virus
    • B. A file that makes it easier to access a Web site and browse
    • C. A file that hackers use to steal your identity
    • D. Web application file

  • 21. You receive an e-mail from Desjardins saying that you have won a contest. What should you do?
    • A. Hurry to provide all the information so you can claim your prize as quickly as possible
    • B. Contact your caisse to confirm the information
    • C. Answer the e-mail and ask them to call you with more information.
    • D. Forward the mail to others for their opinion.

  • 22. An IP Address is the Internet equivalent of:
    • A. Your mailing address
    • B. Your Birth Date
    • C. Your modem configuration number
    • D. Your social security number

  • 23. Statistics show that many companies connected to the Internet are not sufficiently secure. Why not?
    • A. Many companies do not have a written security policy in place.
    • B. Many companies do not have physical security for the company networks
    • C. Many companies have insufficient protection between the Internet and company networks.
    • D. Many companies have insufficient information about the traffic over the company networks.

  • 24. The use of proper security techniques can:
    • A. Minimize the threat of attackers
    • B. Allow access to unauthorized users
    • C. Prevent most hackers from accessing your system
    • D. Provide 100 percent security

  • 25. Network permissions should be established so that users can accomplish their tasks but cannot access any system resources that are not necessary, so that:
    • A. A hacker cannot steal a legitimate user's identity
    • B. Users will not have access to and misuse system resources
    • C. Only the resources authorized for that user will be at risk
    • D. Hackers will not pose as legitimate users