
ICS-CE 6-IOEUA32185A: Open Elective I (Information and Cyber Security)



Multiple Choice Questions

An attacker lures a victim to malicious content on a Web site. A request is
automatically sent to the vulnerable site which includes victim’s credentials.
Which attack is most likely to occur in this scenario?

Cross-site scripting

Injection

Insecure direct object reference

Cross-site request forgery

Which of the following is most likely to result from unvalidated redirects and
forwards?

Network sniffing

Man-in-the-middle attack

Bypassed authorization checks

Brute force attack


A user is able to pass malicious input that invokes control codes in your Web
application. Which vulnerability is most likely to occur in your Web application?

Insufficient transport layer protection

Failure to restrict URL access

Insecure direct object references

Injection

Your Web application stores information about many accounts. Which threat is
your Web application susceptible to if you can manipulate the URL of an account
page to access all accounts?

Cross-site scripting

Injection

Insecure direct object reference

Cross-site request forgery

Which of the following scenarios is most likely to cause an injection attack?

A Web application does not validate a client’s access to a resource.

A Web action performs an operation on behalf of the user without checking a shared secret

Unvalidated input can be distinguished from valid instructions

Unvalidated input is embedded in an instruction stream.


Which of the following should you use to protect the connections between the
physical tiers of your application?

Kerberos

HTTP

SSL

EFS

Which of the following vulnerabilities is most likely to occur due to an insecure
direct object reference attack?

Impersonating any user on the system

Modifying SQL data pointed to by the query.

Executing commands on the server

Accessing a resource without authorization

True or false: When implementing an authentication or session system you
should ensure that new session IDs are not created at login.

False

True

Which of the following is an injection attack?

Cross-site scripting

Cross-site request forgery

Insecure direct object references

Broken authentication and session management


Which of the following combine public-key cryptography with a cryptographic
hash?

Salt

Digital signature

Nonce

SSL


This form was created inside of Vishwakarma Institute of Information Technology.
