More
    HomeSTUDY MATERIALCyber SecurityComputer System Security 9th Week Solution

    Computer System Security 9th Week Solution

    Published on

    Disclaimer for ReGyan

    If you require any more information or you have any problem regarding Copyright or have any questions about our site’s disclaimer, please feel free to contact us by email at hello@regyan.com.

    Disclaimers for ReGyan

    All the information on this website is published in good faith and for general information and educational purpose only. ReGyan does not make any warranties about the completeness, reliability, and accuracy of this information. Any action you take upon the information you find on this website (regyan.com), is strictly at your own risk. will not be liable for any losses and/or damages in connection with the use of our website.

     


    Computer System Security 9th Week Solution is given below.

    Q:1. _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

    1. Two-factor authentication

    2. Cross-site request forgery

    3. Cross-site scripting

    4. Cross-site scoring scripting

    Also See:- Sir Ratan Tata Scholarship 2020 Apply Online

    Answer:- 2. Cross-site request forgery

    Q:2. _____ of home users that have broadband router with a default or no password (according to the lecture)

    1. 85%

    2. 64%

    3. 50%

    4. 45%

    Answer:- 3. 50%

    Q:3. Which of the following is a common source blocking?

    1. Buggy User agents

    2. User preference in browser

    3. Network stripping by local machine

    4. All of the above




    Answer:- 4. All of the above

    PLEASE LIKE & SUBSCRIBE THIS YOUTUBE CHANNEL

    Q:4. Which of the following is a reason for mounting CSRF attack?

    1. Network Connectivity

    2. Read Browser State

    3. Write Browser State

    4. All of the above

    Answer:- 4. All of the above

    Q:5. To prevent CSRF, _______ validation should be used.

    1. Referrer

    2. Origin

    3. Either A or B

    4. None of the above

    Answer:- 3. Either A or B

    Q:6. What of the following is a website vulnerability?

    1. SQL Injection

    2. CSRF

    3. Cross Side Scripting

    4. All of the above

    Answer:- 4. All of the above

    Q:7. What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?

    1. Security Misconfiguration

    2. Cross Site Scripting

    3. Insecure Direct Object References

    4. Broken Authentication and Session Management




    Answer:- 2. Cross Site Scripting

    Q:8. A Web site that allows users to enter text, such as a comment or a name, and then stores it and later display it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.

    1. Two-factor authentication

    2. Cross-site request forgery

    3. Cross-site scripting

    4. Cross-site scoring scripting

    Answer:- 3. Cross-site scripting

    Q:9. _________ is a method of injecting malicious code.

    1. Stored XSS

    2. Reflected XSS

    3. DOM based attack

    4. All of the above

    Also See:- UPPSC Recruitment 2020, 200 ACF/ RFO & Other Vacancies Apply Online




    PLEASE LIKE & SUBSCRIBE THIS YOUTUBE CHANNEL

    Answer:- 4. All of the above

    Q:10. In cross-site scripting where does the malicious script execute?

    1. On the web server

    2. In the user’s browser

    3. On the attacker’s system

    4. In the web app model code

    Answer:- 2. In the user’s browser

    Q:11. Which of the following is the best way to prevent a DOM-based XSS attack?

    1. Set the HttpOnly flag in cookies

    2. Ensure that session IDs are not exposed in a URL

    3. Ensure that a different nonce is created for each request

    4. Validate any input that comes from another Web site

    Answer:- 4. Validate any input that comes from another Web site

    Q:12. Which of the following is the best way to prevent malicious input exploiting your application?

    1. Input validation using an allow List

    2. Using encryption

    3. Using table indirection

    4. Using GET/POST parameters




    Answer:- 1. Input validation using an allow List

    Q:13. Which of the following is an advanced anti – XSS tool?

    1. Dynamic Data Tainting

    2. Static Analysis

    3. Both A and B

    4. None of the above

    Answer:- 3. Both A and B

    Q:14. Which of the following is a part of output filtering / encoding?

    1. Remove / encode (X) HTML special chars

    2. Allow only safe commands

    3. Both A and B

    4. None of the above

    Answer:- 3. Both A and B

    Q:15. Identify the correct statement with respect to ASP.NET output filtering?

    1. Validate request

    2. Javascript as scheme in URI

    3. Javascript On{event} attributes (handlers)

    4. All of the above

    PLEASE LIKE & SUBSCRIBE THIS YOUTUBE CHANNEL

    Answer:- 4. All of the above




    Computer System Security 9th Week Solution is given below. the solution of Computer System Security 7rd Week Solution and all the answers are correct.

    Latest articles

    GlobalLogic .NET DEVELOPER 2022 Apply Now

    About GlobalLogic GlobalLogic .NET DEVELOPER 2022 is now available, Interested candidates can apply from the...

    Zeta Mobile Internship 2022 Apply Now

    About Zeta Zeta Mobile Internship 2022 is now available for 2023 and 2024 passing out...

    Texas Instruments Application Developer 2022 Apply Now

    About Texas Instruments Texas Instruments Application Developer 2022 is now open for all the freshers...

    NXP Embedded Software Engineer 2022 Apply Now

    About NXP NXP Embedded Software Engineer 2022 is now available so all interested candidates can...

    More like this

    GlobalLogic .NET DEVELOPER 2022 Apply Now

    About GlobalLogic GlobalLogic .NET DEVELOPER 2022 is now available, Interested candidates can apply from the...

    Zeta Mobile Internship 2022 Apply Now

    About Zeta Zeta Mobile Internship 2022 is now available for 2023 and 2024 passing out...

    Texas Instruments Application Developer 2022 Apply Now

    About Texas Instruments Texas Instruments Application Developer 2022 is now open for all the freshers...