EH-09-P1 Web Application Security Fundamentals Flashcards
What is OWASP's current top threat?
a. ) Misconfiguration
b. ) Cross-site Scripting XSS
c. ) Insecure Deserialization
d. ) Injection
d.) Injection
Which technology below is client side?
a. ) JavaScript
b. ) Java
c. ) PHP
d. ) SQL
a.) JavaScript
Burp Suite can proxy HTTPS traffic if you import the certificate in your browser. T or F
True
Which type of attack is NOT an injection attack?
a. ) Code Injection
b. ) Click Jack Injection
c. ) Blind SQL injection
d. ) Command injection
b.) Click Jack Injection
Which server-side technology would indicate the use of IIS?
a. ) PHP
b. ) ASP
c. ) CGI
d. ) SQL
b.) ASP
Which web server is tuned for maximum efficiency (low memory footprint, good for load balancing, etc.)?
a. ) Tomcat
b. ) Apache
c. ) IIS
d. ) Nginx
d.) Nginx
Which HTTP method is used to request data?
a. ) PUT
b. ) DELETE
c. ) REQUEST
d. ) HEAD
d.) HEAD
Which server-side technology relies on Java?
a. ) ASP
b. ) PHP
c. ) SQL
d. ) JSP
d.) JSP
Which HTTP Security Header protects against click jack attacks?
a. ) STRICT-TRANSPORT-SECURITY
b. ) X-Frame-OPTIONS
c. ) X-CONTENT-TYPE-OPTIONS
d. ) X-XSS-PROTECTION
b.) X-Frame-OPTIONS
Which HTTP traffic interception tool (i.e. web proxy) is maintained by OWASP?
a. ) Burp Suite
b. ) Intruder
c. ) ZAP
d. ) Fiddler
c.) ZAP