Computer System Security MCQ with answers -11

COMPUTER SYSTEM SECURITY MCQ with all answers (100% free pdf download)

Secure architecture principles isolation and leas: Access Control Concepts, Unix and
Windows access control summary, Other issues in access control, Introduction to browser
isolation.
Web security landscape: Web security definitions goals and threat models, HTTP content
rendering. Browser isolation. Security interface, Cookies frames and frame busting, Major web
server threats, Cross site request forgery, Cross site scripting, Defenses and protections against
XSS, Finding vulnerabilities, Secure development.

51. If we talk about stack-based IDS, which of the following is/are correct?
a. They are integrated with the TCP/IP stack.
b. They pull the packet from the stack before the OS.
c. Both (a) and (b).
d. None of the above
Answer: c

52. Which of the following browsers is the least capable of detecting mixed content?
a. IE
b. Firefox
c. Safari
d. Chrome
Answer: Safari

53. Which of the following browsers displays a mixed-content dialog to the user?
a. IE
b. Firefox
c. Safari
d. Chrome
Answer: a

54. As per the lecture, for maximum security, passwords should be made up of:
a. Lower case letters only
b. Memorable names and dates
c. Upper case and lower-case letters, numbers and non letter characters
d. Upper case and lower-case letters, numbers and symbols
Answer: d

55. When accessing a website, which icon can be seen in the address bar to indicate that the website is secure?
a. An arrow
b. A padlock
c. A house
d. A shield
Answer: b

56. If you share too much information on social media, what may you be at most risk of?
a. Phishing
b. Malware
c. Identity theft
d. Ransomware
Answer: c

57. Cookies were originally designed for
a. Client-side programming
b. Server-side programming
c. Both Client-side programming and Server-side programming
d. None of the mentioned
Answer: b

58. What is the constraint on the data per cookie?
a. 16 KB
b. 8 KB
c. 4 KB
d. 2 KB
Answer: c

59. Which of the following is the maximum number of cookies that a browser can store?
a. 10 Cookies / Site
b. 20 Cookies / Site
c. 30 Cookies / Site
d. None of the above
Answer: b

60. Which of the following is a use of cookies?
a. User Authentication
b. Personalization
c. User Tracking
d. All of the above
Answer: d

61. If we set the Secure attribute of the cookie to true, then which of the following is correct?
a. The browser will only send the cookie back over HTTPS
b. The browser will only send the cookie back over HTTP
c. The browser will send the cookie back over both HTTPS & HTTP
d. None of the above
Answer: d

62. SQL injection is an attack in which _________ code is inserted into strings that are later passed to an instance of SQL Server.
a. malicious
b. redundant
c. clean
d. non malicious
Answer: a

63. Point out the wrong statement:
a. SQL injection vulnerabilities occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized
b. SQL injection allows an attacker to access the SQL servers and execute SQL code under the privileges of the user used to connect to the database
c. The use of PL-SQL opens the door to SQL injection vulnerabilities
d. None of the mentioned statements is wrong
Answer: c

64. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________ attack.
a. Two-factor authentication
b. Cross-site request forgery
c. Cross-site scripting
d. Cross-site scoring scripting
Answer: b

65. Many applications use ___________ where two independent factors are used to identify a user.
a. Two-factor authentication
b. Cross-site request forgery
c. Cross-site scripting
d. Cross-site scoring scripting
Answer: a

66. Which of the following is a good way to prevent SQL injection?
a. Use parameterized / prepared SQL
b. Use ORM framework
c. Both A and B
d. None of the above
Answer: c

67. In which attack does the attacker manage to take control of the application to execute an SQL query created by the attacker…
a. SQL injection
b. Direct
c. SQL
d. Application
Answer: a

68. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack. What attack is it…
a. Cross-site scoring scripting
b. Cross-site request forgery
c. Cross-site scripting
d. Two-factor authentication
Answer: c

69. Attack which forces a user (end user) to execute unwanted actions on a web application in which he/she is currently authenticated…
a. Cross-site scoring scripting
b. Cross-site request forgery
c. Cross-site scripting
d. Two-factor authentication
Answer: b

70. Even with two-factor authentication, users are vulnerable to which attacks?
a. Man-in-the-middle
b. Cross attack
c. Scripting
d. Radiant
Answer: a

71. Which factor is used in many applications, where two independent factors are used to identify a user…
a. Cross-site scripting
b. Cross-site request forgery
c. Two-factor authentication
d. Cross-site scoring scripting
Answer: c

72. The system that allows the user to be authenticated once and multiple applications can then verify the user’s identity through an authentication service without requiring reauthentication…
a. OpenID
b. Sign-on system
c. Security Assertion Markup Language
d. Virtual Private Database
Answer: b

73. Which database is a standard for exchanging authentication and authorization information between different security domains, to provide cross-organization …
a. OpenID
b. Security Assertion Markup Language
c. Sign-on system
d. Virtual Private Database
Answer: c

74. Which ID standard is an alternative for single sign-on across organizations, and has seen increasing acceptance in recent years…
a. OpenID
b. Single-site system
c. Security Assertion Markup Language
d. Virtual Private Database
Answer: a

75. Which database allows a system administrator to associate a function with a relation; the function returns a predicate that must be added to any query that uses the relation…
a. OpenID
b. Security Assertion Markup Language
c. Single-site system
d. Virtual Private Database
Answer: d

76. VPD (virtual private database) provides authorization at the level of specific tuples, or rows, of a relation, and is therefore said to be a mechanism…
a. Row-level authorization
b. Column-level authentication
c. Authentication
d. Authorization security
Answer: a

77. If a DNS server accepts and uses the wrong details from a host that has no authority to give that information, then this technique is called …?
a. DNS hijacking
b. DNS lookup
c. DNS spoofing
d. All of the above
Answer: c

78. Block cipher used by PGP to encrypt data…
a. International data encryption algorithm
b. Internet data encryption algorithm
c. Private data encryption algorithm
d. All of the above
Answer: c

79. Pretty Good Privacy (PGP) is used in…
a. Browser security
b. Email security
c. FTP security
d. None of the mentioned
Answer: b

80. The Extensible Authentication Protocol is an authentication framework used in…
a. Wired local area network
b. Wireless networks
c. Wired personal area network
d. All of the above
Answer: b