OWASP Exam Project Quiz

26 Questions | Total Attempts: 25584


Are you preparing for the OWASP exam? If so, take this 'OWASP Exam Project' quiz to help with your preparation. It asks a set of questions about OWASP and common web application weaknesses, and your score will show you how well you know the material. Ready to take the test? All the best!


Questions and Answers
  • 1. 
    What attack technique exploits websites by altering back-end database queries through manipulated input?
    • A. 

      LDAP Injection

    • B. 

      XML Injection

    • C. 

      SQL Injection

    • D. 

      Blind XML Injection

  • 2. 
    What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?
    • A. 

      Security Misconfiguration

    • B. 

      XSS

    • C. 

      CSRF

    • D. 

      Insecure Direct Object references

  • 3. 
    What flaw arises from session tokens having poor randomness across a range of values?
    • A. 

      Insecure Direct Object References

    • B. 

      Session Hijacking

    • C. 

      Dictionary Attack

    • D. 

      Session Fixation

  • 4. 
    An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. 

      Brute Force Attack

    • B. 

      Session Hijacking

    • C. 

      Dictionary Attack

    • D. 

      Session Fixation

  • 5. 
    What threat arises from not flagging HTTP cookies that carry session tokens as Secure?
    • A. 

      Session Hijacking

    • B. 

      Insecure Cryptographic Storage

    • C. 

      Access Control Violation

    • D. 

      Session Replay

  • 6. 
    Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
    • A. 

      SQL Injection

    • B. 

      XSS

    • C. 

      Malware Upload

    • D. 

      Man in the Middle

  • 7. 
    What flaw can lead to exposure of resources or functionality to unintended actors?
    • A. 

      Session Fixation

    • B. 

      Improper Authentication

    • C. 

      Insecure Cryptographic Storage

    • D. 

      XSS

  • 8. 
    Which threat can be prevented by having unique usernames generated with a high degree of entropy?
    • A. 

      Cryptanalysis of hash values

    • B. 

      Authentication bypass

    • C. 

      Spamming

    • D. 

      Authorization bypass

  • 9. 
    What threat are you vulnerable to if you do not validate a user's authorization for direct references to restricted resources?
    • A. 

      Injection

    • B. 

      XSS

    • C. 

      CSRF

    • D. 

      Insecure Direct object references

  • 10. 
    Role-based access control helps prevent which OWASP Top 10 weakness?
    • A. 

      Failure to restrict URL access

    • B. 

      Insecure direct object references

    • C. 

      Authorization bypass

    • D. 

      Improper authentication

  • 11. 
    What type of flaw occurs when untrusted, user-entered data is sent to an interpreter as part of a query or command?
    • A. 

      XSS

    • B. 

      Injection

    • C. 

      Command Shell attack

    • D. 

      OS fingerprinting

  • 12. 
    If every link or form that invokes a state-changing function carries an unpredictable per-user token, what attack is prevented?
    • A. 

      OS Commanding

    • B. 

      Cross Site Scripting

    • C. 

      Cross Site Request Forgery

    • D. 

      Cross Site Tracing

  • 13. 
    For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
    • A. 

      Session Replay

    • B. 

      Cross-site Scripting

    • C. 

      Cross-site Request Forgery

    • D. 

      Session Hijacking

  • 14. 
    Attack that exploits the trust that a site has in a user's browser is called ____________. 
    • A. 

      Session Hijacking

    • B. 

      Cross Site Request Forgery

    • C. 

      Injection

    • D. 

      XFS (Cross Frame Scripting)

  • 15. 
    For an indirect reference, what happens if there is no limited list of values that the user is authorized to access for the underlying direct reference?
    • A. 

      SQL Injection

    • B. 

      Brute Forcing of stored encrypted credentials

    • C. 

      XML Injection

    • D. 

      Access to sensitive data possible

  • 16. 
    We can allow client-side scripts to execute in the browser for needed operations. State true or false.
    • A. 

      True

    • B. 

      False

  • 17. 
    Which of these are categorized as 'session-related vulnerabilities'?
    • A. 

      Session Fixation

    • B. 

      Session Spoofing

    • C. 

      Session Hijacking

    • D. 

      Session Tracing

    • E. 

      Session Scripting

  • 18. 
    What is phishing?
    • A. 

      Data transfer protocol

    • B. 

      Email Scam

    • C. 

      Network scandal

    • D. 

      Cross domain scandal

  • 19. 
    Define Cookie.
    • A. 

      Computer virus

    • B. 

      A file that makes it easier to access a Web site and browse.

    • C. 

      A file that hackers use to steal your identity.

    • D. 

      Web application file

  • 20. 
    You receive an e-mail from Desjardins saying that you have won a contest. What should you do?
    • A. 

      Hurry to provide all the information so you can claim your prize as quickly as possible

    • B. 

      Answer the e-mail and ask them to call you with more information

    • C. 

      Forward the mail to others for their opinion

    • D. 

      Contact your caisse to confirm the information

  • 21. 
    An IP Address is the Internet equivalent of ______________. 
    • A. 

      Your mailing address

    • B. 

      Your Birth Date

    • C. 

      Your modem configuration number

    • D. 

      Your social security number

  • 22. 
    Network permissions should be established so that users can accomplish their tasks, but cannot access any system resources that are not necessary so that ____________________________. 
    • A. 

      A hacker cannot steal a legitimate user's identity.

    • B. 

      Users will not have access to and misuse system resources.

    • C. 

      Only the resources authorized for that user will be at risk.

    • D. 

      Hackers will not pose as legitimate users

  • 23. 
    Statistics show that many companies connected to the Internet are not sufficiently secure. Why not?
    • A. 

      Many companies do not have a written security policy in place

    • B. 

      Many companies do not have physical security

    • C. 

      Many companies have insufficient protection between the Internet and company networks

    • D. 

      Many companies have insufficient information about the traffic over the company networks

    • E. 

      All the above

  • 24. 
    The use of proper security techniques can _______________. 
    • A. 

      Minimize the threat of attackers

    • B. 

      Allow access to unauthorized users

    • C. 

      Prevent most hackers from accessing your system

    • D. 

      Provide 100 percent security

  • 25. 
    The characteristics of an effective security system are that the system is _______________. 
    • A. 

      Difficult to use, so that prevents access

    • B. 

      Highly secure, easy to use, flexible, and scalable

    • C. 

      One that provides comprehensive alarming and reporting

    • D. 

      Capable of ensuring that there is no hacker activity

    • E. 

      All of the above
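Questions 1 and 11 describe injection: the attacker's input is parsed as part of the query instead of being treated as data. The following is an added example, not part of the original quiz, showing the difference against an in-memory SQLite table with constructed sample rows (the `users` table, the accounts and the `login_*` helper names are assumptions made for the illustration):

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts in an in-memory SQLite table.
    Passwords are stored in clear only to keep the demo short; a real
    application stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """Builds the WHERE clause by string concatenation, so whatever the user
    typed is parsed by SQLite as part of the statement."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """Parameterized query: the statement text is fixed and the values are
    bound separately, so quotes and comment markers in the input stay data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    conn = make_db()
    # Payload 1: close the string literal and comment out the password check
    # ('--' starts a comment in SQLite).
    comment_out = "alice'--"
    # Payload 2: tautology that makes the WHERE clause true for every row.
    tautology = "' OR '1'='1"
    return {
        "vuln_comment": login_vulnerable(conn, comment_out, "wrong"),
        "vuln_tautology": login_vulnerable(conn, tautology, tautology),
        "safe_comment": login_safe(conn, comment_out, "wrong"),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_real": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable function logs the attacker in as `alice` with a wrong password and, with the tautology, returns every account; the parameterized version returns nothing for both payloads and still works for a genuine login. The same principle (keep the statement fixed, bind the data) applies to LDAP and XML queries from the question's other options.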

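Questions 2 and 6 describe cross-site scripting: input reflected into a page without validation and escaping, which the browser then runs as script. The following added example (not from the quiz) shows a vulnerable render beside output encoding for three contexts: HTML body, quoted attribute and `href`. The render function names and the sample payloads are assumptions for the illustration:

```python
import html
from urllib.parse import urlsplit


def render_vulnerable(name: str) -> str:
    """Reflects the parameter straight into the page: the browser parses any
    tags the user supplied, including <script>."""
    return "<p>Hello, " + name + "!</p>"


def render_body(name: str) -> str:
    """HTML body context: html.escape turns & < > \" ' into entities, so the
    payload is displayed as text instead of being parsed as markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def render_attribute(value: str) -> str:
    """Quoted attribute context: escaping the quote characters matters here,
    otherwise the input can close the attribute and add an event handler."""
    return '<input type="text" value="' + html.escape(value, quote=True) + '">'


def safe_href(url: str) -> str:
    """href context: entity encoding does not neutralise a javascript: URL,
    so allow only http(s) or relative targets before escaping."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("", "http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_link(url: str, label: str) -> str:
    return '<a href="' + safe_href(url) + '">' + html.escape(label, quote=True) + "</a>"


def demo() -> dict:
    # Constructed payloads: a script tag for the body context and an
    # attribute break-out that would add an onfocus handler.
    script = "<script>alert(1)</script>"
    attr_breakout = '" autofocus onfocus="alert(1)'
    return {
        "vulnerable": render_vulnerable(script),
        "body": render_body(script),
        "attribute": render_attribute(attr_breakout),
        "js_link": render_link("javascript:alert(1)", "click"),
        "ok_link": render_link("https://example.com/?a=1&b=2", "site"),
    }


if __name__ == "__main__":
    for name, markup in demo().items():
        print(name, markup)
```

The point a template engine with auto-escaping makes for you is that encoding depends on where the data lands: body text, an attribute value and a URL each need their own treatment, and question 16's "allow client-side scripts for needed operations" only stays safe when user data never reaches those contexts unencoded.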
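Questions 3, 4, 5, 12, 13 and 17 all concern session handling: token entropy, fixation, cookie flags, the HTTP-to-HTTPS upgrade and per-user CSRF tokens. The following added example (not part of the quiz) is a framework-free in-memory session store that shows all of them together. The `SessionStore` class, the cookie name and the scenario function are assumptions for the illustration:

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


def new_token() -> str:
    # 32 bytes from the OS CSPRNG (256 bits). random.random() or a
    # timestamp-seeded counter is the "poor randomness" that lets an attacker
    # predict other users' session IDs.
    return secrets.token_urlsafe(32)


@dataclass
class Session:
    user: Optional[str] = None
    over_https: bool = False
    csrf_token: str = field(default_factory=new_token)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, over_https: bool) -> str:
        sid = new_token()
        self._sessions[sid] = Session(over_https=over_https)
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def rotate(self, old_sid: str, over_https: bool) -> str:
        """Issue a fresh ID, invalidate the old one, keep the session state.
        Called at login (an ID the attacker planted dies here, defeating
        fixation) and when the connection moves from HTTP to HTTPS (an ID
        that was ever sent in clear must not become the authenticated one)."""
        sess = self._sessions.pop(old_sid, None) or Session()
        sess.over_https = over_https
        sess.csrf_token = new_token()
        new_sid = new_token()
        self._sessions[new_sid] = sess
        return new_sid

    def login(self, sid: str, user: str, over_https: bool) -> str:
        new_sid = self.rotate(sid, over_https)
        self._sessions[new_sid].user = user
        return new_sid

    def check_csrf(self, sid: str, submitted: Optional[str]) -> bool:
        """Compare the form's hidden token with the session's copy in constant
        time; a cross-site page cannot read the token, so it cannot forge it."""
        sess = self.get(sid)
        if sess is None or not submitted:
            return False
        return hmac.compare_digest(sess.csrf_token, submitted)


def set_cookie_header(sid: str, hardened: bool = True) -> str:
    """Set-Cookie value for the session cookie. Without Secure the token is
    also sent over plaintext HTTP and can be sniffed; without HttpOnly a
    script injected via XSS can read it; SameSite=Lax keeps it off
    cross-site POSTs. The __Host- prefix makes browsers enforce Secure and
    Path=/ and reject a Domain attribute."""
    if not hardened:
        return "SESSIONID=" + sid + "; Path=/"
    return "__Host-SESSIONID=" + sid + "; Path=/; Secure; HttpOnly; SameSite=Lax"


def fixation_scenario() -> dict:
    """Attacker plants a session ID on the victim; the victim then logs in."""
    store = SessionStore()
    planted = store.create(over_https=False)      # attacker knows this value
    victim_sid = store.login(planted, "alice", over_https=True)
    good_token = store.get(victim_sid).csrf_token
    return {
        "planted_still_valid": store.get(planted) is not None,
        "victim_logged_in": store.get(victim_sid).user == "alice",
        "ids_differ": planted != victim_sid,
        "csrf_ok": store.check_csrf(victim_sid, good_token),
        "csrf_forged": store.check_csrf(victim_sid, "attacker-guess"),
        "csrf_missing": store.check_csrf(victim_sid, None),
    }


if __name__ == "__main__":
    print(fixation_scenario())
    print(set_cookie_header("example", hardened=False))
    print(set_cookie_header("example"))
```

In the scenario the planted ID is dead after login, so the attacker's copy no longer resolves to the victim's authenticated session (question 4), and the same rotation is what question 13 asks for at the HTTP-to-HTTPS boundary. The hardened header is the answer to question 5; the CSRF check is the per-user unpredictable token of question 12.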
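Questions 9 and 15 describe insecure direct object references: a raw identifier in the request that is looked up without checking the requesting user's authorization, and the indirect-reference alternative where each user only ever sees opaque references to the objects they may reach. The following added example (not from the quiz) shows the vulnerable lookup, the ownership check, and a per-user indirect reference map; the `INVOICES` data, the function names and the scenario are assumptions for the illustration:

```python
import secrets
from typing import Dict, Optional

# Constructed sample data: invoice id -> record. The ids are the kind of
# sequential primary key that ends up in URLs such as /invoice?id=101.
INVOICES: Dict[int, dict] = {
    101: {"owner": "alice", "total": 120},
    102: {"owner": "bob", "total": 75},
    103: {"owner": "alice", "total": 42},
}


def get_invoice_vulnerable(user: str, invoice_id: int) -> Optional[dict]:
    """Direct reference, no authorization check: any logged-in user who
    changes the id in the URL reads someone else's invoice."""
    return INVOICES.get(invoice_id)


def get_invoice_checked(user: str, invoice_id: int) -> Optional[dict]:
    """Direct reference with a per-request ownership check. Missing and
    forbidden both return None so the response does not reveal which ids
    exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv["owner"] != user:
        return None
    return inv


class IndirectReferenceMap:
    """Per-user map from opaque random references to the only ids that user
    is allowed to reach. The client never sees the real id, and a reference
    guessed or copied from another user's page resolves to nothing."""

    def __init__(self) -> None:
        self._maps: Dict[str, Dict[str, int]] = {}

    def references_for(self, user: str) -> Dict[str, int]:
        allowed = [i for i, inv in INVOICES.items() if inv["owner"] == user]
        self._maps[user] = {secrets.token_urlsafe(16): i for i in allowed}
        return self._maps[user]

    def resolve(self, user: str, ref: str) -> Optional[dict]:
        invoice_id = self._maps.get(user, {}).get(ref)
        if invoice_id is None:
            return None
        # Defence in depth: the ownership check still runs on the real id.
        return get_invoice_checked(user, invoice_id)


def scenario() -> dict:
    refs = IndirectReferenceMap()
    alice_refs = refs.references_for("alice")
    bob_refs = refs.references_for("bob")
    alice_ref = next(iter(alice_refs))
    return {
        "bob_reads_alice_direct": get_invoice_vulnerable("bob", 101) is not None,
        "bob_reads_alice_checked": get_invoice_checked("bob", 101) is not None,
        "bob_own_checked": get_invoice_checked("bob", 102) is not None,
        "alice_ref_count": len(alice_refs),
        "bob_ref_count": len(bob_refs),
        "bob_uses_alice_ref": refs.resolve("bob", alice_ref) is not None,
        "alice_uses_own_ref": refs.resolve("alice", alice_ref) is not None,
    }


if __name__ == "__main__":
    print(scenario())
```

Question 15's point is the `references_for` list: without a limited, per-user set of authorized values behind the indirect reference, the map degenerates back into a direct lookup and access to other users' data is possible again.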