Application in Information Security Chapter 9
Web apps are used to _____ a. allow dynamic content b. stream video c. apply scripting d. impose security controls
a. allow dynamic content
Hackers often use __________ instead of cleartext to make the scripts harder to detect. a. hexadecimal character strings b. scripting tags c. cross-site scripting (XSS) d. Simple Network Management Protocol (SNMP)
a. hexadecimal character strings
Which of the following is a Damn Vulnerable Web Application (DVWA) security level that mimics a vulnerable Web application? a. low b. medium c. high d. critical
a. low
True or False? A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted. a. true b. false
a. true
True or False? An organization's Web server is often the public face of the organization that customers and clients see first. a. true b. false
a. true
__________ are scripting languages. (Pick two.) a. ActiveX b. JavaScript c. CGI d. PHP
b. JavaScript and d. PHP
In general, which of the following is accomplished by appending a valid SQL command to the input that is being passed through a Web form into the database behind it? a. SNMP b. SQL injection c. XSS d. DVWA
b. SQL injection
Typical categories of databases include all of the following EXCEPT: a. relational database b. applied database c. distributed database d. object-oriented programming database
b. applied database
True or False? Databases can be victims of source code exploits. a. true b. false
b. false
True or False? The stability of a Web server does not depend on the operating system. a. true b. false
b. false
Browsers do not display ________ a. ActiveX b. Hidden fields c. Java d. JavaScript
b. hidden fields
Which of the following challenges can be solved by firewalls? a. protection against buffer overflows b. protection against scanning c. enforcement of privileges d. ability to use non-standard ports
b. protection against scanning
____________ can be caused by exploitation of defects and code. a. buffer overflows b. SQL injection c. buffer injection d. input validation
b. SQL injection
Which class of individuals works the most with the server and is primarily concerned with access to content and services? a. Server administrator b. Network administrator c. End user d. Web attacker
c. End user
__________ is used to audit databases. a. ping b. IPConfig c. NCC SQuirreL d. SQLRECON
c. NCC SQuirreL
Common database vulnerabilities include all of the following EXCEPT: a. unused stored procedures b. services account privilege issues c. strong audit log settings d. weak or poor authentication methods enabled
c. strong audit log settings
Which of the following is a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release? a. CVE listing database b. SQL injection c. Cross-site scripting (XSS) d. Damn Vulnerable Web Application (DVWA)
d. Damn Vulnerable Web Application (DVWA)
The categories of Web application vulnerabilities include all of the following EXCEPT: a. authentication issues b. authorization config c. session management issues d. end-user education
d. end-user education
True or False? Input validation is a result of SQL injections. a. true b. false
b. false