Computer System Security MCQ with Answers - 12

Secure architecture principles, isolation and least privilege: access control concepts, Unix and Windows access control summary, other issues in access control, introduction to browser isolation.
Web security landscape: web security definitions, goals and threat models, HTTP content rendering, browser isolation, security interface, cookies, frames and frame busting, major web server threats, cross-site request forgery, cross-site scripting, defenses and protections against XSS, finding vulnerabilities, secure development.

81. What is used to carry traffic of one protocol over a network that does not support that protocol directly?
a. Tunnelling
b. Trafficking
c. Transferring
d. Switching
Answer: a

82. In which mode is the authentication header inserted immediately after the IP header?
a. Tunnel
b. Transport
c. Authentication
d. Both A and B
Answer: a

83. Which of the following is an extension of an enterprise private intranet across a public network that creates a secure private connection?
a. VNP
c. VSN
d. VPN
Answer: d

84. Which term is considered the basis for most robust authentication schemes?
a. Registration
b. Identification
c. Encryption
d. Refine information
Answer: c

85. A method that uses two independent pieces/processes of information to identify a user is known as:
a. Authentication through encryption
b. Password-method authentication
c. Two-method authentication
d. Two-factor authentication
Answer: d

86. Where is security enforcement needed first?
a. Scripting
b. Application
c. Assigning Roles
d. Administration
Answer: b

87. Which database allows a system administrator to associate a function with a relation?
a. Virtual database
b. Private database
c. Custom database
d. Virtual Private Database (VPD)
Answer: d

88. Applications that create queries dynamically can be considered a risk source for:
a. Active attacks
b. Passive attacks
c. Forgery
d. Injection
Answer: d

89. Which of the following should be stored in the cookie?
a. Session ID
b. Account Privileges
c. UserName
d. Password
Answer: a

90. In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?
a. Cross-Site Scripting
b. Buffer overflows
c. Command injection
d. Path traversal attack
Answer: a

91. Failing to properly validate uploaded files could result in:
a. Arbitrary code execution
b. Inadequate caching headers
c. Distributed Denial of Service Attack against clients
d. None of the above
Answer: a

92. What does "white list" data validation mean?
a. Data is validated against a list of values that are known to be valid
b. Data is validated against a list of values that are known to be invalid
c. Both of the above
d. None of the above
Answer: a

93. Which languages are vulnerable to Cross Site Scripting attacks?
a. Java
b. ASP.Net
c. Perl
d. All of the above
Answer: d

94. Which of the following can be considered user input for which validation is not required?
a. Host Header
b. Cookie
c. Referrer Header
d. None of the above
Answer: d

95. The main risk to a web application in a cross-site scripting attack is:
a. Compromise of users
b. Loss of data integrity
c. Destruction of data
d. None of the above
Answer: a

96. Which cookie flag, when set, prevents the cookie's transmission over a non-secure channel?
a. Secure
b. Domain
c. Expires
d. Static
Answer: a

97. Cross Site Scripting is an attack against
a. Client (Browser)
b. Database
c. Web Application
d. Web Server
Answer: a

98. Which of the following is appropriate for customer emails regarding a limited time promotional offer?
a. Request that the user authenticate him/herself by replying to the email with their account credentials.
b. Personalized greeting line
c. Providing easy access to the customer’s account via a “Click Here” style link
d. Sending the email from a domain set up specifically for the special offer
Answer: b

99. Which of the following can be considered a possible solution for an SQL injection vulnerability?
a. Data Validation
b. Secure Cookies
c. Encryption
d. Comprehensive exception handling
Answer: a

100. What is the common cause of buffer overflows, cross-site scripting, SQL injection and format string attacks?
a. Unvalidated input
b. Lack of authentication
c. Improper error handling
d. Insecure configuration management
Answer: a

101. What is the preferred medium for backing up log files?
a. Print the logs to paper
b. Create a copy of the data on your laptop/desktop
c. Copy the files to CD-Rs
d. None of the above
Answer: c

102. Temporary files:
a. Should be placed securely in a folder called "temp" in the web root
b. Can be placed anywhere in the web root as long as there are no links to them
c. Should be completely removed from the server
d. Can be placed anywhere after changing the extension
Answer: c

103. Implementing access control based on a hard-coded IP address:
a. Can be done as it is an internal IP
b. Can be done for internet facing servers as there are no chances of IP conflicts
c. Is a good security practice
d. Is a bad security practice
Answer: d

104. How can we prevent dictionary attacks on password hashes?
a. Hashing the password twice
b. Encrypting the password using the private key
c. Use an encryption algorithm you wrote yourself so no one knows how it works
d. Salting the hash
Answer: b

105. Which part of a GET request will the web server log?
a. Hidden tags
b. Query Strings
c. Header
d. Cookies
Answer: b

106. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
a. Two-factor authentication
b. Cross-site request forgery
c. Cross-site scripting
d. Cross-site scoring scripting
Answer: b

107. _____ of home users have a broadband router with a default or no password (according to the lecture).
a. 85%
b. 64%
c. 50%
d. 45%
Answer: c

108. Which of the following is a common source of blocking?
a. Buggy user agents
b. User preference in browser
c. Network stripping by local machine
d. All of the above
Answer: d

109. Which of the following is a reason for mounting a CSRF attack?
a. Network Connectivity
b. Read Browser State
c. Write Browser State
d. All of the above
Answer: d

110. To prevent CSRF, _______ validation should be used.
a. Referrer
b. Origin
c. Either A or B
d. None of the above
Answer: c

111. Which of the following is a website vulnerability?
a. SQL Injection
c. Cross Site Scripting
d. All of the above
Answer: d

112. What happens when an application takes user-supplied data and sends it to a web browser without proper validation and escaping?
a. Security Misconfiguration
b. Cross Site Scripting
c. Insecure Direct Object References
d. Broken Authentication and Session Management
Answer: b

113. A web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
a. Two-factor authentication
b. Cross-site request forgery
c. Cross-site scripting
d. Cross-site scoring scripting
Answer: c

114. _________ is a method of injecting malicious code.
a. Stored XSS
b. Reflected XSS
c. DOM based attack
d. All of the above
Answer: d

115. In cross-site scripting where does the malicious script execute?
a. On the web server
b. In the user’s browser
c. On the attacker’s system
d. In the web app model code
Answer: b

116. Which of the following is the best way to prevent a DOM-based XSS attack?
a. Set the HttpOnly flag in cookies
b. Ensure that session IDs are not exposed in a URL
c. Ensure that a different nonce is created for each request
d. Validate any input that comes from another Web site
Answer: d

117. Which of the following is the best way to prevent malicious input exploiting your application?
a. Input validation using an allow list
b. Using encryption
c. Using table indirection
d. Using GET/POST parameters
Answer: a

118. Which of the following is an advanced anti-XSS tool?
a. Dynamic Data Tainting
b. Static Analysis
c. Both A and B
d. None of the above
Answer: c

119. Which of the following is a part of output filtering / encoding?
a. Remove / encode (X) HTML special chars
b. Allow only safe commands
c. Both A and B
d. None of the above
Answer: c

120. Identify the correct statement with respect to ASP.NET output filtering.
a. Validate request
b. JavaScript as scheme in URI
c. JavaScript on{event} attributes (handlers)
d. All of the above
Answer: d