
Injection

1. Which of the following scenarios are most likely to cause an injection attack?
Medium, A1 OWASP Top 10
a. Unvalidated input is embedded in an instruction stream.
b. Unvalidated input cannot be distinguished from valid instructions.
c. A Web application does not validate a client’s access to a resource.
d. A Web action performs an operation on behalf of the user without checking a shared secret.
Answer. A, B
2. What is the best method to detect injection?
Need to verify
A. Source Code Analysis
B. Black Box Analysis
C. Manual Testing
D. All
Answer: A
3. Which type of validation is safe?
Easy, Input validation
A. Black List
B. White List
C. Grey List
D. All
Answer: B

Broken Authentication and Session Management


4. Many applications use _________________ where two independent factors are used to identify a user.
Easy, A2 2017
a) Two-factor authentication
b) Two-factor Authorization
c) Two-factor Password Manager
d) Two-factor credential enumeration
Answer: A
5. Even with two-factor authentication, users may still be vulnerable to_____________attacks.
Easy, Authentication vs authorization
a) Radiant
b) Cross attack
c) Scripting
d) Man-in-the-middle
Answer: D
6. Your web application is vulnerable to 'Broken Authentication and Session Management’ if
Medium, A2 2017
A. Session IDs don’t timeout, or user sessions or authentication tokens, particularly single sign-on (SSO) tokens, aren’t properly invalidated during logout.
B. Session IDs aren’t rotated after successful login.
C. Passwords, session IDs, and other credentials are sent over unencrypted connections
D. All of the above
Answer: D
7. After logging out of an application, the user presses the browser’s back button and the authenticated pages are shown again. Which type of vulnerability exists in the application?
Difficult, A2 2017
A. Session IDs are sent over unencrypted connections.
B. Session IDs aren’t rotated after successful login.
C. Session Ids aren’t properly invalidated during logout.
D. All of the above
Answer: C

XSS

8. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.
(Easy, A7)
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
Answer: C
9. Which of them is known as DOM Based XSS?
(Moderate, A7)
A. Injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.
B. Injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
C. Attack payload is executed as a result of modifying the Document Object Model “environment” in the victim’s browser used by the original client-side script, so that the client-side code runs in an “unexpected” manner.
D. Both A and B are correct
Answer: C
10. Which of these are Cross-site Scripting attack vectors?
(Moderate, A7)
A. <script> tag
B. JavaScript events
C. <img> tag
D. All of the above
Answer: D

Security Misconfiguration

11. Which of them is not among the most common web application threats?
(Easy, Generic)
A. Denial of Service Attacks
B. Cookie/Session Poisoning
C. Code Injection
D. Null Pointer Exceptions
Answer: D
12. Which statement(s) is not true in case of discovering potential Security Misconfiguration? (Valid/Easy/A6)
A. Are any default accounts left, and if so, have the passwords been changed?
B. When it is possible to enforce better security in a framework, are those options chosen?
C. Are there any unnecessary features installed/enabled that can be removed? This includes
accounts, too many privileges, ports, etc.
D. Does the error handling reveal overly informative error messages to users?
E. All are true
Answer: E

Broken Access Control

13. Broken Access Control can be mitigated by
(Valid, Difficult, A2)
a. Perimeter Firewall Rules
b. Malware Detection
c. Prevent Direct Object References
d. OS Patching
Answer. C
14. Password management includes
Valid Easy Authentication vs Authorization
a. Complex passwords
b. Password minimum and maximum age
c. Account lock-out
d. All of the above
Answer. D

Sensitive Data Exposure


15. ________ is a two-way function
A. Encryption
B. Hashing
C. Salting
D. Sorting
Answer: A
16. ________ is a one-way function that scrambles plain text to produce a unique message digest
A. Encryption
B. Hashing
C. Salting
D. Sorting
Answer: B

Missing Function level Access Control

17. Which is/are not a preventive mechanism against Missing Function Level Access Control?
A. The authentication mechanism should deny all access by default, and provide access to specific roles for every function.
B. In a workflow-based application, verify the users’ state before allowing them to access any resources.
C. Allow anonymous users to access private functions that aren’t protected.
D. All of the Above
Answer: C
18. In security, the Principle of _______encourages system designers and implementers to allow
running code only the permissions needed to complete the required tasks and no more.
A. Higher Privilege
B. Elevated Privilege
C. Least Privilege
D. Important Privilege
Answer: C
19. Which of them is not a valid Access control Policy?
A. Role Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Fixed Access Control (FAC)
D. Permission Based Access Control
Answer: C

CSRF

20. What is phishing?
A. Data transfer protocol
B. Email Scam
C. Network scandal
D. Cross domain scandal
Answer: B
21. What is a cookie?
A. A computer virus
B. A file that makes it easier to access a Web site and browse
C. A file that hackers use to steal your identity
D. Web application file
Answer: B
22. Any application that accepts HTTP requests from an authenticated user without having some control to verify that the HTTP request is unique to the user's session may be vulnerable to
A. XSS Attack
B. CSRF Attack
C. Injection Attack
D. Insecure Direct Object Reference Attack
Answer: B

Using Components with known Exploits


23. An attacker identifies a weak component through scanning or manual analysis, customizes the exploit as needed and executes the attack. This scenario describes which flaw in your web app?
A. Using Components with Known Vulnerabilities
B. Security Misconfiguration
C. sensitive data exposure
D. None of the above
Answer: A

Unvalidated Redirects and Forwards

24. Consider an attack scenario where the application uses forwards to route requests between different parts of the site. To facilitate this, some pages use a parameter to indicate where the user should be sent if a transaction is successful. In this case, the attacker crafts a URL that will pass the application’s access control check and then forwards the attacker to administrative functionality for which the attacker isn’t authorized.
http://www.example.com/boring.jsp?fwd=admin.jsp
This indicates which type of vulnerability in the web app?
Moderate, A10 (OWASP 2013)
A. Session Replay
B. Security Misconfiguration
C. URL Rewriting
D. Unvalidated redirects and forwards vulnerability
Answer: D
25. Which statement is not true in Prevention of 'Unvalidated Redirects and Forwards'?
Easy A10(2013)
A. Simply avoid using redirects and forwards.
B. If used, don’t involve user parameters in calculating the destination.
C. If destination parameters can’t be avoided, ensure that the supplied value is valid, and authorized for the user.
D. The preferred option is to use a safe API which avoids the use of the interpreter entirely or provides a parameterized interface.
Answer: D

CSSLP

Declarative vs Programmatic Security

1. Security can be represented in code as
A. Non-Declarative
B. Imperative
C. Systematic
D. None of the above
Answer. B
2. Which type of Security enables enforcement of Complex Business rules?
a. Programmatic Security
b. Declarative Security
c. Complex Security
d. All of the above
Answer. A
Concurrency
3. Race Condition can be prevented through
a. Input Validation
b. Output Encoding
c. Mutual Exclusion
d. Implementing Captcha (Ans : C)

Programmatic Security
4. Key point to achieve Defensive Security
a) Never trust user input
b) Standardize exception handling
c) Implement Secure Configuration
d) All the above (Ans : D)

Cryptography

5. Which of the following algorithms belongs to asymmetric encryption?
a. 3DES
b. RSA
c. RC5
d. IDEA (Ans : b)
Sanitization
6. Sanitization always ensures
a. Integrity of the data is maintained
b. Stability of the data is maintained
c. Availability of the data is maintained
d. Confidentiality of the data is maintained (Ans : a)
7. What type of exception can occur in the following code?
class findSum
{
    public static void main(String args[])
    {
        // declared outside the try block so that it is in scope for the final print
        int i, sum;
        sum = 10;
        try
        {
            // i takes the values -1, 0, 1, 2; note the division at i = 0
            for (i = -1; i < 3; ++i)
                sum = (sum / i);
        }
        catch (Exception e)
        {
            System.out.print("Caught: " + e + " ");
        }
        System.out.print(sum);
    }
}
a. Null Pointer Exception
b. Arithmetic Exception
c. Number Format Exception
d. Exception will not occur (Ans : b)
8. Which of the following statements is false in case of logging?
a. Logging of the authentication process, which includes the number of successful and failed login attempts.
b. Logging puts load on the system
c. Logging improves the performance of the system
d. Logging helps in incident management (Ans : c)
Memory Management
9. Memory management and allocation is a shared responsibility
a. between the operating system and processor
b. between processor and application
c. between the operating system and application
d. of the operating system only
Ans : C
10. What happens to the thread when garbage collection kicks off?
a) The thread continues its operation
b) Garbage collection cannot happen until the thread is running
c) The thread is paused while garbage collection runs
d) The thread and garbage collection do not interfere with each other (Ans : c)
High
