Encrypting data with SSL will not guarantee the safety of a website, because: a. This only protects data between the website and user, not the Web application itself. (A) b. This approach ignores the security of the software on the network or Web server. c. This only protects data transmitted through port 443. d. The encryption used by SSL is not strong.

What is another term for DAST? a. White box testing. b. Black box testing. (A) c. Glass box testing. d. Gray box testing.

What type of attack target a website’s method of validating the identity of a user? a. Authorization. b. Authentication. (A) c. Identity attack. d. Client-side attack.

Which HTTP method sends data to the server? a. GET b. POST (A) c. PUT d. SEND

A hacker enters the following script into the search box or an entry form: . The hacker then clicks the search button and a pop-up window appears stating It Worked. What you conclude from this? a. The site is susceptible to buffer overflow b. The site is susceptible to SQL injection c. The site is susceptible to parameter tampering d. The site is susceptible to XSS (A)

In electronic authentication, which of the following controls is effective against cross-site scripting (XSS) vulnerabilities? a. Sanitize inputs to make them non executable. (A) b. Insert random data into any linked uniform resource locator c. Insert random data into a hidden field d. Use a per-session shared secret

CSRF stands for a. Cross State Request Forgery b. Cross Site Reply Forgery c. Cross Site Request Forgery (A) d. Cross State Reply Forgery.