Generic filters

Exact matches only

Audit Collections
Courses
Quizzes
Templates
Blog
Register
Login

Generic filters

Exact matches only

Web Application Security Audit Quiz

Web Application Security Audit Quiz

Refresh page if Quiz does not AUTOSTART in 5 seconds

Time limit: 0

Quiz Summary

0 of 20 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

maximum of 20 points
Pos.	Name	Entered on	Points	Result
Table is loading
No data available

Would you like to submit your quiz result to the leaderboard?

Loading

Name: E-Mail:

Captcha:

captcha

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Current
Review
Answered
Correct
Incorrect

Question 1 of 20

1. Question
Which of the following is the best way to prevent malicious input from exploiting an application?
- Input validation using an allow List
- Encryption
- MFA
- GET/POST Parameters
Question 2 of 20

2. Question
Which of the following are some of the ways to protect against injection attacks?
- Block list
- Allow list
- Escaping
Question 3 of 20

3. Question
Which of the following is a best practice for securely storing passwords in a web application database?
- Hashing passwords with a salt
- Encryption
- Masking
- Encoding
Question 4 of 20

4. Question
What is the recommended method to protect against Cross-Site Scripting (XSS) attacks?
- Encode data on output
- Disable user input fields
- Encrypt data on output
- Use GET requests for forms
Question 5 of 20

5. Question
Which of the following is/are (a) mitigation technique(s) for Broken Authentication?
- Multi-factor authentication
- Session timeouts
- Password complexity requirements
Question 6 of 20

6. Question
Insufficient logging and monitoring can lead to which of the following?
- Delay in breach detection
- Difficulty in understanding the impact
- Difficulty in identifying the perpetrator
Question 7 of 20

7. Question
During a vulnerability scan, you identify an XSS (Cross-Site Scripting) vulnerability in a user input form. The form allows users to enter a product review. Which of the following approaches would effectively mitigate this vulnerability?
- Escape all user input before displaying it on the web page.
- Limit the number of characters for the product review.
- Implement CAPTCHA verification for all user input forms.
- Increase the complexity requirements for user passwords.
Question 8 of 20

8. Question
A web application stores sensitive user data such as credit card information. Which of the following encryption methods is most suitable for protecting this data at rest?
- Symmetric encryption for data storage.
- Asymmetric encryption for key exchange.
- Symmetric encryption for key exchange.
- Asymmetric encryption for data storage.
Question 9 of 20

9. Question
What is the primary purpose of the HTTPOnly flag in cookies?
- Prevents JavaScript from accessing the cookie
- Makes cookies to be sent only over HTTP
- Encrypts the cookie data
- Makes the cookie hidden to the user
Question 10 of 20

10. Question
The HttpOnly flag in a cookie should be set to ensure that:
- The cookie is not available to client scripts
- The cookie is sent over HTTP Only
- The cookie is a persistent cookie
- The cookie is deleted when the user closes the browser
Question 11 of 20

11. Question
A web application allows users to upload profile pictures. To prevent file upload vulnerabilities, which of the following configurations on the server-side is most important?
- Validate the content type and file extension of uploaded files.
- Enforce strict file size limits for uploaded images.
- Store uploaded files in a private directory.
- Implement a custom image resizing script on the server.
Question 12 of 20

12. Question
You should use a blacklist wherever possible. Only use whitelists as a secondary defense
- FALSE
- TRUE
Question 13 of 20

13. Question
Which of the following sources can be directly controlled by a malicious user?
- GET/POST Parameters
- Server Configurations
- Ports
Question 14 of 20

14. Question
CAPTCHA
- Completely Automated Public Turing test to tell Computers and Humans Apart
- Completely Automatic Private Test to tell Computers and Humans Apart
- Completely Automated Public Turing test to tell Computers and Human AI
- Completely Automatic Private Turing test to tell Computers and Humans Apart
Question 15 of 20

15. Question
Which of the following functionalities should be included in an authentication and session management system?
- User Management
- Account Lockout
- MFA
Question 16 of 20

16. Question
Which configuration file is commonly used to set server-wide security policies in Apache?
- httpd.conf
- .htaccess
- ssl.conf
- vhost.conf
Question 17 of 20

17. Question
During an API security audit, you discover that sensitive data is being exposed in the URL. Which of the following measures is the most effective to mitigate this issue?
- Use POST requests instead of GET requests
- Encrypt the query parameters
- Move sensitive data to request headers
- Store sensitive data in a session token
Question 18 of 20

18. Question
To protect against Denial of Service (DoS) attacks, what is the most effective method for securing an API?
- Implement rate limiting and throttling
- Increase server resources to accomodate more requests
- Disable logging to reduce server load and improve performance during high traffic
Question 19 of 20

19. Question
Drag the HTTP Methods to their appropriate description
Sort elements
- GET
- POST
- PUT
- DELETE
- Requests data from a specified resource.
- Submits data to a specified resource.
- Updates an existing resource with new data.
- Removes the specified resource.
Question 20 of 20

20. Question
Drag each JavaScript library to its core feature
Sort elements
- Helmet
- React
- Bootstrap
- D3
- Leaflet
- Set HTTP Response Headers
- Build User Interfaces
- Responsive Sites
- Data Visualizations
- Interactive Maps

Copyright © 2024 | Euriun Technologies | All Rights Reserved.

The guidance, recommendations and procedures on this site is for information purposes only.

Not all recommendations is applicable to all technology environments. Before acting on any recommendation from this site, independently evaluate the security, legal, technical, compliance and reputational implications, considering the unique technology configurations in each scenario.

In your workplace, consult the neccessary Information Technology and/or Security Unit before implementing any recommendation from this site.

Pin It on Pinterest

Login

Accessing this course requires a login. Please enter your credentials below!

Username or Email Address

Password

Remember Me

Lost Your Password?

Register

Don't have an account? Register one!

Register an Account