IAW-P2
B. Registry keys
36) Which of the following objects is most susceptible to an insecure direct object reference attack? A. Nonpersistent cookies B. Registry keys C. Conditional constructs D. GET/POST parameters
D. Accessing a resource without authorization.
37) Which of the following vulnerabilities is most likely to occur due to an insecure direct object reference attack? A. Executing commands on the server. B. Impersonating any user on the system. C. Modifying SQL data pointed to by the query. D. Accessing a resource without authorization.
A. Use session-based indirection.
38) Which of the following is the best way to mitigate the threat of an insecure direct object reference attack? A. Use session-based indirection. B. Use POST parameters instead of GET parameters. C. Use a regular expression. D. Send successful logins to a well-known location instead of automatic redirection.
A. True
39) State whether the following statement is True or False. Time of Check Time of Use (TOCTOU) occurs if the authorization check is performed on one page of a Web site and the resource is used on a different page. A. True B. False
B. Insecure direct object reference
40) Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts? A. Cross-site request forgery B. Insecure direct object reference C. Cross-site scripting D. Injection
B. Insecure direct object reference
41) Which of the following threats is most likely to be caused by poor input validation? A. Enabling of IPSec B. Insecure direct object reference C. Insecure cryptographic storage D. Insufficient transport layer protection
A. Cross-site request forgery
42) Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret? A. Cross-site request forgery B. Insecure direct object reference C. Cross-site scripting D. Injection
A. Elevation of privilege
43) Which of the following is the most common result of a cross-site request forgery? A. Elevation of privilege B. Disabled security features C. Enabling of IPSec D. Misconfigured security features
D. Cross-site request forgery
44) An attacker lures a victim to malicious content on a Web site. A request is automatically sent to the vulnerable site which includes the victim's credentials. Which attack is most likely to occur in this scenario? A. Injection B. Cross-site scripting C. Insecure direct object reference D. Cross-site request forgery
B. False
45) State whether the following statement is True or False. The downside of a nonce is that it needs to be stored on the client. A. True B. False
D. Timestamp
46) What should you add to an HMAC to ensure that the secret value is unique for each request? A. Salt B. Nonce C. Session ID D. Timestamp
C. Don't include secrets in the URL.
47) Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks? A. Use GET parameters B. Use automatic redirection. C. Don't include secrets in the URL. D. Resubmit POST parameters during redirection.
B. False
48) State whether the following statement is True or False. HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request. A. True B. False
B. Failure to disable default accounts
49) Which of the following mistakes is most often associated with a security misconfiguration threat? A. Cross-site request forgery B. Failure to disable default accounts C. Bad cryptography D. Unsafe key storage
B. Security misconfiguration
50) You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to? A. Injection B. Security misconfiguration C. Insecure cryptographic storage D. Cross-site request forgery
A. Add or remove network segments.
51) Which of the following is the best way to reevaluate your environment and address new threats? A. Add or remove network segments. B. Use the white-list validation of allowed input technique. C. Use custom cryptographic algorithms. D. Use your browser to forge unauthorized requests.
A. Disable unnecessary features.
52) Which of the following procedures are involved in the hardening process? A. Disable unnecessary features. B. Resubmit POST parameters during redirection. C. Repeat the process at random intervals. D. Update the environment with changes only when needed.
A. Your application may not work as expected.
53) Which of the following consequences is most likely to result if your production environment does not match your development, testing, and staging environments? A. Your application may not work as expected. B. Testing your application may take a long time. C. Your application may be expensive to administer. D. Your application may have too many configuration files.
A. Unsalted hash
54) Which of the following can result in insecure cryptography? A. Unsalted hash B. Unused services C. Default accounts D. Rotating keys frequently
B. Unsalted hash
55) Which of the following is most likely to result in insecure cryptography? A. Unused services B. Unsalted hash C. New products D. Missing patches
B. Insufficient cryptographic protocols
56) Which of the following may result in cryptographic weakness? A. Failure to restrict URL access B. Insufficient cryptographic protocols C. Missing patches D. Unnecessary/unused services or features
C. IPSec
57) Which of the following protocols is a network layer encryption protocol? A. HTTP B. EFS C. IPSec D. Kerberos
A. Complexity
58) Which of the following factors helps you secure keys? A. Complexity B. Session-based indirection C. Escaping D. Encryption
B. Digital signature
59) Which of the following combines public-key cryptography with a cryptographic hash? A. Nonce B. Digital signature C. SSL D. Salt
C. Attackers invoke functions and services they have no authorization for.
60) Which of the following depicts the typical impact of failure to restrict URL access? A. Attackers perform man-in-the-middle attacks. B. Attackers impersonate any user on the system. C. Attackers invoke functions and services they have no authorization for. D. Attackers perform all actions that the victims themselves have permission to perform.
D. Use your browser to forge unauthorized requests.
61) Which of the following actions should you take to test the security of your Web application? A. Use policy mechanisms. B. Use a simple and positive model at every layer. C. Set the secure flag on session ID cookies. D. Use your browser to forge unauthorized requests.
B. SSL
62) Which of the following should you use to protect the connections between the physical tiers of your application? A. EFS B. SSL C. HTTP D. Kerberos
B. Enable SSL
63) Which of the following is the best way to implement transport layer protection? A. Install IDS B. Enable SSL C. Set the HttpOnly flag on session ID cookies D. Perform client-side validation.
D. Bypassed authorization checks
64) Which of the following is most likely to result from unvalidated redirects and forwards? A. Brute force attack B. Network sniffing C. Man-in-the-middle attack D. Bypassed authorization checks
A. Validate the referrer header.
65) Which of the following is the best way to protect a Web application from unvalidated redirects and forwards? A. Validate the referrer header. B. Use extended validation certificates. C. Use the escaping technique. D. Disallow requests to unauthorized file types.
C. Use weblogs to identify redirects and forwards
66) Which of the following is the best way to detect unvalidated redirects and forwards? A. Use internal transfers without authorizing the user for target URL B. Use your browser to forge unauthorized requests C. Use weblogs to identify redirects and forwards D. Use policy mechanisms
A. True
67) State whether the following statement is True or False. Most security issues are related to input and a user's ability to interact with and control input. A. True B. False
A. True
68) State whether the following statement is True or False. If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack. A. True B. False
A. When user input is echoed back to the user in HTML
69) In which of the following scenarios should you use the escaping technique? A. When user input is echoed back to the user in HTML B. When you need to validate any input as valid input C. When you are trying to protect against regular expression injection D. When you need to tell the interpreter that input is code
A. Use an allow list, such as table indirection.
70) Which of the following is the best way to prevent unvalidated redirect and forwards vulnerabilities? A. Use an allow list, such as table indirection. B. Use client-side validation. C. Allow only absolute redirects. D. Use session-based indirection.