Role-Based Access control helps prevent this OWASP Top 10 weakness

Invalidated Redirect or Forward

What is the type of flaw that occurs when un trusted user entered data is sent to the interpreter as part of a query or command?

Insecure Direct Object References

You receive an e-mail from bank saying that you have won a contest. What should you do

Contact your bank to confirm the information

Provide the information so you can claim your prize as quickly as possible

Answer the e-mail and ask them to call you with more information

Forward the mail to others for their opinion

The use of proper security techniques can (choose two)

Minimize the threat of attackers

Prevent most hackers from accessing your system

Allow access to unauthorized users

Network permissions should be established so that users can accomplish their tasks, but cannot access any system resources that are not necessary so that

Only the resources authorized for that user will be at risk

A hacker cannot steal a legitimate user's identity

Users will not have access to and misuse system resources

Hackers will not pose as legitimate users

You should set a secure flag in a cookie to ensure that:

The cookie is sent over an encrypted channel

The cookie is a persistent cookie

The cookie is deleted when the user closes the browser

The cookie is not available to client script

Web Application Security Testing-PreTest

Authored by Omantel Ohi

Computers

Professional Development

Used 174+ times

Web Application Security Testing-PreTest

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following threats is most likely to be caused by poor input validation?

Enabling of IPSec

Insecure direct object reference

Insufficient transport layer protection

Insecure cryptographic storage

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?

Security Mis-configuration

Cross Site Scripting

Insecure Direct Object Reference

Broken Authentication and Session Management

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An attack technique that forces a user’s session credential or session ID to an explicit value

Brute Force Attack

Session Hijacking

Session Fixation

Dictionary Attack

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What threat arises from not flagging HTTP cookies with tokens as secure?

Session Hijacking

Insecure Cryptographic Storage

Access Control Violation

Session Replay

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How does malicious input flow in a DOM-based XSS?

From Server to Client

From Client to Server

From Attacker to Server

From Victim to Server

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites

SQL injection

Cross Site Scripting

Malware Uploading

Man in the Middle

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What flaw can lead to exposure of resources or functionality to unintended actors?

Session Fixation

Improper authentication

Insecure Cryptographic Storage

Invalidated redirects and forwards

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Cloud services

Quiz

•

Professional Development

16 questions

CPA CPF1 System Specifications

Quiz

•

8th Grade - Professio...

18 questions

DW (EM25) - Elementos y procesos de UX (T4)

Quiz

•

University - Professi...

15 questions

JDBC_Objective_Exam_2

Quiz

•

Professional Development

20 questions

Software Development and SuccessMaker Quiz

Quiz

•

Professional Development

17 questions

Net & Cloud - Session 3 - OSI & TCP/IP

Quiz

•

Professional Development

20 questions

Introduction to Internet based Programming

Quiz

•

Professional Development

20 questions

General ICT

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

Web Application Security Testing-PreTest

Which of the following threats is most likely to be caused by poor input validation?

What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?

An attack technique that forces a user’s session credential or session ID to an explicit value

What threat arises from not flagging HTTP cookies with tokens as secure?

How does malicious input flow in a DOM-based XSS?

Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites

What flaw can lead to exposure of resources or functionality to unintended actors?

Role-Based Access control helps prevent this OWASP Top 10 weakness

What is the type of flaw that occurs when un trusted user entered data is sent to the interpreter as part of a query or command?

For every link or form which invoke state-changing functions with an unpredictable token for each user what attack can be prevented?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers