Module 14 - Hacking Web Applications (EC Mode Part 02) Flashcards

1
Q

Which of the following vulnerabilities occurs when an application includes files based on user input without proper validation, enabling an attacker to modify the input and embed path traversal characters?

A. File fingerprinting
B. Fileless malware
C. Local file inclusion
D. Security misconfiguration

A

Answer: C. Local file inclusion

2
Q

Which of the following techniques does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server?

A. Connection pool DoS
B. Hijacking web credentials
C. Port scanning
D. Hash stealing

A

Answer: D. Hash stealing

3
Q

In which of the following attack techniques does an attacker lure victims via an email or a link constructed so that a remote code execution flaw becomes reachable, allowing the attacker to obtain access privileges equal to those of authorized users?

A. Request forgery attack
B. ActiveX attack
C. Session fixation
D. Frame injection

A

Answer: B. ActiveX attack

4
Q

Which of the following attacks is possible when an attacker executes .bat or .cmd files and changes the values by superimposing one or more operating-system commands through the request?

A. WS-address spoofing
B. Parsing attack
C. SOAPAction spoofing
D. XML injection attack

A

Answer: B. Parsing attack

5
Q

An attacker tries to enumerate the username and password of an account named “rini Mathew” on wordpress.com. On the first attempt, the attacker tried to log in as “rini.mathews,” which resulted in the login failure message “invalid email or username.” On the second attempt, the attacker tried to log in as “rinimathews,” which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username “rinimathews” exists. What is the attack that is performed by the attacker?

A. Man-in-the-middle
B. Phishing
C. Brute-forcing
D. Username enumeration

A

Answer: D. Username enumeration
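
The scenario on this card, as an added example that is not part of the deck: a login routine that leaks the distinction the attacker used (different messages for "no such user" and "wrong password"), a hardened version that returns one message and does the same amount of work on both paths, and an oracle that detects the leak the way the attacker did, by comparing the response for a candidate name with the response for a name that certainly does not exist. The user name, password and hashing parameters are constructed for the example.

```python
# Added example (not from the flashcard deck): username enumeration via
# differing login failure messages, and the hardened equivalent.
import hashlib
import hmac
import os

ITERATIONS = 50_000  # PBKDF2 work factor, chosen low to keep the example quick


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = os.urandom(16)
# Constructed user store: one account, mirroring the card's "rinimathews".
USERS = {"rinimathews": (_SALT, _hash("correct-horse", _SALT))}

# Dummy credential so the hardened path hashes even for unknown names;
# otherwise response *time* would reveal which names exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("unused", _DUMMY_SALT)


def vulnerable_login(username: str, password: str) -> str:
    """The behaviour described on the card: the failure message depends on
    whether the user name exists, so the attacker can confirm valid names."""
    if username not in USERS:
        return "invalid email or username"
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash(password, salt), stored):
        return "ok"
    return "the password you entered for the username is incorrect"


def hardened_login(username: str, password: str) -> str:
    """One generic message for both failure cases, and the same PBKDF2 work
    whether or not the name exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), stored)
    if matched and username in USERS:
        return "ok"
    return "invalid username or password"


def enumeration_oracle(login, candidate: str) -> bool:
    """True when `login` reveals that `candidate` exists: its failure message
    differs from the failure message for a random, nonexistent name."""
    control = "no-such-user-" + os.urandom(4).hex()
    return login(candidate, "wrong-password") != login(control, "wrong-password")
```

The oracle works on message text only; a thorough check would also compare status codes, response length and timing, which is why the hardened version hashes a dummy credential for unknown names.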

6
Q

Which of the following web-service APIs is programmed to create, retrieve, update, and delete records such as profiles, credentials, and business leads?

A. JSON-RPC
B. XML-RPC
C. RESTful API
D. SOAP API

A

Answer: D. SOAP API

7
Q

Which of the following API vulnerabilities allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting?

A. Enumerated resources
B. RBAC privilege escalation
C. No ABAC validation
D. Business logic flaws

A

Answer: C. No ABAC validation

8
Q

Which protocol provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature?

A. NTP
B. IMAP
C. SSL
D. FTP

A

Answer: C. SSL

In current deployments this means TLS, the successor to SSL; SSL 2.0 and 3.0 are deprecated and should be disabled. Note that transport-level security protects the message only while it is on the TLS connection, not once it has been decrypted at an intermediary.

9
Q

Which metadata format does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats?

A. Swagger
B. I/O Docs
C. API-Blueprint
D. WSDL/XML-Schema

A

Answer: D. WSDL/XML-Schema

10
Q

In which of the following attacks does an attacker saturate an API with a massive volume of traffic from multiple infected computers or botnets to delay the API services to legitimate users?

A. Credential stuffing attack
B. API DDoS attack
C. Invalid input attack
D. Fuzzing

A

Answer: B. API DDoS attack

11
Q

Which of the following techniques is used by an attacker to connect a fake account on the provider with a victim’s account on the client side?

A. Attack on “redirect_uri”
B. CSRF on authorization response
C. Access token reusage
D. Attack on “Connect” request

A

Answer: B. CSRF on authorization response

12
Q

Which of the following APIs is a user-defined HTTP callback or push API that is raised based on triggered events, such as receiving a comment on a post or pushing code to a repository?

A. REST API
B. Webhook
C. RESTful API
D. SOAP API

A

Answer: B. Webhook

13
Q

Which of the following best practices should be followed to prevent web-shell installation?

A. Enable all PHP functions such as exec(), shell_exec(), show_source(), proc_open(), passthru(), and pcntl_exec()
B. Do not use escapeshellarg() or escapeshellcmd()
C. Establish a reverse proxy service for retrieving resources
D. Activate directory browsing in the web server

A

Answer: C. Establish a reverse proxy service for retrieving resources

14
Q

In one of the following features of the RESTful API, the client holds the session state and the server stores no client context between requests. Which is this feature?

A. Uniform interface
B. Cacheable
C. Code on demand
D. Stateless

A

Answer: D. Stateless

15
Q

Which of the following techniques is NOT a best practice for securing webhooks?

A. Use threaded requests to send multiple requests simultaneously
B. Use rate limiting on webhook calls in the web server
C. Avoid validating the X-OP-Timestamp within the threshold of the current time
D. Ensure that event processing is idempotent

A

Answer: C. Avoid validating the X-OP-Timestamp within the threshold of the current time

16
Q

Which of the following tools helps attackers intercept and analyze the target web APIs, websites, and web services?

A. Censys
B. ReqBin
C. GNU Radio
D. RTL-SDR

A

Answer: B. ReqBin

17
Q

Identify the correct sequence of steps associated with the implicit grant type to exploit flawed scope validation:

1. After obtaining the access token from the targeted client application, the attacker sends a new request to the corresponding OAuth service provider's /userinfo endpoint with an altered (wider) scope.

2. The attacker targets a vulnerable client application that uses the implicit grant type, in which access tokens are delivered to the client through the user's browser.

3. Because the user has already granted the targeted client application permission to access their data, the attacker can read additional information about the user as long as the OAuth server does not validate the scope parameter against the scope originally granted.

4. When the targeted client application obtains the user's approval and the corresponding access token is generated, the attacker attempts to steal it.

A. 1 → 4 → 2 → 3
B. 3 → 4 → 2 → 1
C. 2 → 4 → 1 → 3
D. 1 → 2 → 3 → 4

A

Answer: C. 2 → 4 → 1 → 3

18
Q

Which of the following tools allows attackers to gain remote control over the target web servers and manipulate the files and databases?

A. SearchDiggity
B. CyberX
C. CRITIFENCE
D. China chopper

A

Answer: D. China chopper

19
Q

Identify the API security layer that creates a mapper layer to enable the conversion of all the database records into different user-visible models?

A. Layer one
B. Layer two
C. Layer three
D. Layer four
E. Layer five

A

Answer: C. Layer three

20
Q

Which of the following practices makes web APIs susceptible to different types of attacks?

A. Perform input validation on the server-side instead of the client-side to prevent bypassing attacks
B. Ensure that all the requests made from stateless communication APIs such as REST API are authorized separately, even if they originated from the same user
C. Share an excessive amount of secret data through status messages or resource replies
D. Conduct regular security assessments to secure all the API endpoints using automated tools

A

Answer: C. Share an excessive amount of secret data through status messages or resource replies

21
Q

Which of the following protocols provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature?

A. IMAP
B. SSL
C. FTP
D. NTP

A

Answer: B. SSL (in practice TLS, which replaced the deprecated SSL versions)

22
Q

Which of the following parameters, sent when the application redirects the user agent to the authorization server, defines the level of access the application is requesting?

A. redirect_uri
B. response_type
C. scope
D. State

A

Answer: C. scope

23
Q

Which of the following API hacking techniques does not target the API or machine code and instead tricks users into divulging their credentials to perform further attacks?

A. Social engineering
B. Reverse engineering
C. Session replay attack
D. User spoofing

A

Answer: A. Social engineering

24
Q

Which of the following API security risks can be prevented by performing input validation, implementing a parameterized interface for processing inbound API requests, and limiting the number of records returned?

A. Injection
B. Excessive data exposure
C. Mass assignment
D. Security misconfiguration

A

Answer: A. Injection

25
Q

In which of the following attacks does an attacker repeatedly send some random input to a target API to generate error messages that reveal critical information?

A. Invalid input attack
B. Fuzzing
C. Login/credential stuffing attack
D. Malicious input attack

A

Answer: B. Fuzzing

26
Q

In which of the following API security layers can the API use middleware to build a query plan by calling the data layer?

A. Layer one
B. Layer two
C. Layer three
D. Layer four

A

Answer: B. Layer two

27
Q

Tyler, a professional hacker, was hired to intercept and manipulate the web traffic of a rival organization. To achieve this goal, Tyler employed a tool that allowed him to capture the API traffic, including requests, responses, and cookies, using a built-in proxy for analyzing the target web services.

Identify the tool used by Tyler in the above scenario?

A. DTC-340 RFXpert
B. Postman
C. Kismet
D. Elcomsoft Wireless Security Auditor

A

Answer: B. Postman

28
Q

Given below are the different steps associated with authorization code grant type for the exploitation of flawed scope validation:

1. When the victim opens the attacker's malicious client application, it sends a request to the OAuth service provider for access to the user's email address using the OpenID email scope.
2. The attacker registers their malicious client application with the OAuth service that the targeted resource owner uses.
3. Now the attacker holds a valid access token and uses the escalated scope to make ordinary API calls and collect additional data.
4. When the user authorizes the request, the attacker receives an authorization code in response.
5. Now the attacker starts the scope-escalation step by having the malicious client application add extra scope to the token request.
6. After approval from the OAuth server, the attacker obtains a new access token containing the newly added scope.

Identify the correct sequence of steps associated with the authorization code grant type?

A. 3 → 5 → 2 → 1 → 4 → 6
B. 6 → 3 → 1 → 5 → 4 → 2
C. 2 → 1 → 4 → 5 → 6 → 3
D. 2 → 1 → 3 → 4 → 5 → 6

A

Answer: C. 2 → 1 → 4 → 5 → 6 → 3
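
The two scope-escalation sequences on this card and on card 17 (implicit grant), as an added example that is not part of the deck: a toy OAuth authorization server with a `validate_scope` switch. With the switch off, the token endpoint trusts whatever scope the client puts in the code-exchange request (card 28, steps 5 and 6) and the userinfo endpoint honours a scope supplied in the request instead of the scope bound to the token (card 17, steps 1 and 3). With the switch on, both requests are capped at what the user actually consented to. The client ID `evil-app`, the user record and the scope-to-claim mapping are assumptions for the example.

```python
# Added example (not from the flashcard deck): flawed vs. correct scope
# validation in an OAuth authorization server, modelled in a few lines.
import secrets

# Constructed resource-owner data and the claims each scope releases.
USERS = {"alice": {"email": "alice@example.test", "address": "1 Constructed Lane"}}
SCOPE_CLAIMS = {"email": ("email",), "address": ("address",)}  # "openid" releases nothing here


class AuthServer:
    def __init__(self, validate_scope: bool):
        self.validate_scope = validate_scope
        self.codes = {}    # authorization code -> (user, client_id, consented scopes)
        self.tokens = {}   # access token -> (user, issued scopes)

    def authorize(self, user, client_id, requested_scopes):
        """Card 28 steps 1-4: the user consents to exactly requested_scopes and
        the client receives an authorization code bound to that consent."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, frozenset(requested_scopes))
        return code

    def token(self, code, client_id, scope_param):
        """Card 28 steps 5-6: code exchange. scope_param is attacker controlled."""
        user, bound_client, consented = self.codes.pop(code)
        if bound_client != client_id:
            raise PermissionError("code was issued to a different client")
        requested = frozenset(scope_param)
        # Flaw: trusting scope_param lets the client add scopes the user never
        # approved. The fix is to reject anything outside the consented set.
        if self.validate_scope and not requested <= consented:
            raise PermissionError("scope escalation beyond consented grant")
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = (user, requested)
        return tok

    def userinfo(self, token, scope_param=None):
        """Resource endpoint. Card 17: a stolen implicit-flow token presented
        with an altered scope must be served by the token's own scope only."""
        user, issued = self.tokens[token]
        effective = issued
        if scope_param is not None and not self.validate_scope:
            effective = frozenset(scope_param)   # flaw: request overrides token
        return {c: USERS[user][c] for s in effective for c in SCOPE_CLAIMS.get(s, ())}


def code_flow_attack(validate_scope: bool) -> dict:
    """Card 28: 'evil-app' gets consent for email, then asks for address as well."""
    srv = AuthServer(validate_scope)
    code = srv.authorize("alice", "evil-app", ["openid", "email"])
    try:
        tok = srv.token(code, "evil-app", ["openid", "email", "address"])
    except PermissionError as exc:
        return {"error": str(exc)}
    return srv.userinfo(tok)


def implicit_flow_attack(validate_scope: bool) -> dict:
    """Card 17: the attacker holds a stolen token scoped to email and calls
    userinfo with a wider scope parameter."""
    srv = AuthServer(validate_scope)
    stolen = secrets.token_urlsafe(16)
    srv.tokens[stolen] = ("alice", frozenset({"openid", "email"}))  # as issued to the real client
    return srv.userinfo(stolen, scope_param=["openid", "email", "address"])
```

The server-side rule the example enforces is the one both cards turn on: the scope of anything issued or served is derived from the stored consent or the stored token, never from a parameter the client sends later.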

29
Q

Which of the following practices helps security experts secure web APIs from various attacks?

A. Ensure that all the requests made from stateful communication APIs
B. Use client-generated tokens embedded in HTML as hidden fields for validating the incoming request
C. Use SOAP APIs with in-built security features instead of conventional design-based REST APIs
D. Do not implement a pagination technique

A

Answer: B. Use client-generated tokens embedded in HTML as hidden fields for validating the incoming request

The token must be unpredictable, issued by the server, and tied to the user's session; "client-generated" here refers to the token travelling in the form the client submits, not to the client choosing the value.

30
Q

Which of the following practices can help security experts in securing webhooks from malicious attacks?

A. Use the same event ID to record every webhook payload within the database
B. Validate the X-OP-Timestamp above a threshold from the current time
C. Do not send confidential information using webhooks; instead, use authorized APIs
D. Ensure that the event processing is non-idempotent toward event receipts

A

Answer: C. Do not send confidential information using webhooks; instead, use authorized APIs
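
The webhook practices on this card and on card 15, as an added example that is not part of the deck: a receiver that rejects an `X-OP-Timestamp` outside a freshness threshold, checks an HMAC over timestamp and body in constant time, and records each event ID so a redelivered event is processed only once (idempotency). The payload carries only an event ID and type; the receiver would fetch any sensitive detail through an authorized API, as the answer says. The signature header name `X-OP-Signature`, the shared secret, the 300-second threshold and the event payload are assumptions for the example.

```python
# Added example (not from the flashcard deck): validating a signed webhook
# delivery with a timestamp window and idempotent event handling.
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300          # assumed freshness window for X-OP-Timestamp
SECRET = b"constructed-shared-secret"   # assumed pre-shared with the sender


def sign(body: bytes, timestamp: int, secret: bytes = SECRET) -> str:
    """Sender side: MAC over timestamp and body, so neither can be altered
    without invalidating the signature."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class WebhookReceiver:
    def __init__(self, now=time.time):
        self._now = now                 # injectable clock for deterministic tests
        self.seen_event_ids = set()     # one record per event ID, never reused
        self.processed = []

    def handle(self, headers: dict, body: bytes) -> str:
        # 1. Freshness: a valid-but-old delivery is most likely a replay.
        try:
            ts = int(headers.get("X-OP-Timestamp", ""))
        except ValueError:
            return "rejected: missing or malformed X-OP-Timestamp"
        if abs(self._now() - ts) > TOLERANCE_SECONDS:
            return "rejected: stale timestamp (replay?)"
        # 2. Authenticity: constant-time comparison of the expected MAC.
        expected = sign(body, ts)
        if not hmac.compare_digest(expected, headers.get("X-OP-Signature", "")):
            return "rejected: bad signature"
        # 3. Idempotency: the same event delivered twice is processed once.
        event = json.loads(body)
        event_id = event["id"]
        if event_id in self.seen_event_ids:
            return "duplicate: already processed"
        self.seen_event_ids.add(event_id)
        # The payload holds only an ID and type; details come from the API.
        self.processed.append(event_id)
        return "accepted"


def demo() -> list:
    """Four constructed deliveries: valid, replayed, stale, and tampered."""
    fixed_now = 1_700_000_000
    rx = WebhookReceiver(now=lambda: fixed_now)
    body = json.dumps({"id": "evt_1001", "type": "comment.created"}).encode()
    good = {"X-OP-Timestamp": str(fixed_now - 10),
            "X-OP-Signature": sign(body, fixed_now - 10)}
    results = [rx.handle(good, body), rx.handle(good, body)]
    stale = {"X-OP-Timestamp": str(fixed_now - 3600),
             "X-OP-Signature": sign(body, fixed_now - 3600)}
    results.append(rx.handle(stale, body))
    tampered = body.replace(b"evt_1001", b"evt_1002")
    results.append(rx.handle(good, tampered))
    return results
```

Rate limiting (card 15, option B) sits in front of this handler at the web server or gateway; the handler itself stays cheap by checking the timestamp before computing the MAC and parsing the body.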

31
Q

Which of the following types of API vulnerabilities occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials?

A. Improper use of CORS
B. Business logic flaws
C. Code injections
D. Sharing resources via unsigned URLs

A

Answer: C. Code injections

32
Q

Which of the following metadata formats does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats?

A. Swagger
B. I/O Docs
C. API-Blueprint
D. WSDL/XML-Schema

A

Answer: D. WSDL/XML-Schema

33
Q

Which of the following is a standard protocol used to retrieve information about a user or resource through a GET request?

A. Webhooks
B. Web API
C. WebFinger
D. SOAP API

A

Answer: C. WebFinger

34
Q

Which statement is TRUE regarding network firewalls in preventing web application attacks?

A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
B. Network firewalls cannot prevent attacks if they are properly configured.
C. Network firewalls cannot prevent attacks because they are too complex to configure.
D. Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened.

A

Answer: D. Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened.

35
Q

Which of the following processes is an efficient way of restricting malicious input while performing data validation of web content?

A. Validate web content input for extraneous queries
B. Validate web content input for type, length, and range
C. Validate web content input for query strings
D. Validate web content input with scanning tools

A

Answer: B. Validate web content input for type, length, and range.

36
Q

If your web application sets any cookie with a secure attribute, what does this mean?

A. Cookies will be sent cross-domain
B. The client will send the cookie only over an HTTPS connection
C. The cookie cannot be accessed by JavaScript
D. The cookie will not be sent cross-domain

A

Answer: B. The client will send the cookie only over an HTTPS connection.

37
Q

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data?

A. Generation-based
B. Mutation-based
C. None of the above
D. Protocol-based

A

Answer: B. Mutation-based.

38
Q

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks?

A. Delete Cookies
B. Configure Application certification rules
C. Enable Remote Management
D. Harden browser permission rules

A

Answer: D. Harden browser permission rules.

39
Q

Identify the practice that can make an organization’s web application environment susceptible to SQL injection attacks?

A. Use vulnerability scanners to identify possible entry points
B. Harden OSes and applications by following the guidelines issued by vendors
C. Use shared databases and the same account for multiple databases
D. Always use the latest versions of programming languages and technologies for development

A

Answer: C. Use shared databases and the same account for multiple databases.

40
Q

Which of the following practices helps administrators protect web applications against command injection attacks?

A. Avoid using modular shell disassociation from the kernel
B. Do not perform input and output encoding
C. Avoid using built-in library functions and call the OS commands directly
D. Scan the applications with a dynamic web vulnerability scanner to prevent code injection

A

Answer: D. Scan the applications with a dynamic web vulnerability scanner to prevent code injection

41
Q

Which of the following practices can make web applications vulnerable to command injection attacks?

A. Use language-specific libraries that avoid problems because of shell commands
B. Implement the least privileges to restrict the permissions to execute OS commands
C. Avoid enumerating the authorized values within a conditional statement
D. Use parameterized SQL queries

A

Answer: C. Avoid enumerating the authorized values within a conditional statement.

42
Q

Which of the following practices can make an organizational network susceptible to LDAP injection attacks?

A. Never configure LDAP with bind authentication
B. Use LDAPS for encrypting and securing communication on web servers
C. Sanitize all the user-end inputs and escape any special characters
D. Use SaaS-based testing services for combating LDAP injection attacks

A

Answer: A. Never configure LDAP with bind authentication.

43
Q

Which of the following practices makes an organization’s web application vulnerable to file injection attacks?

A. Employ a WAF security layer for monitoring the file injection attacks at the server
B. Check for PHP wrappers such as PHP filter and PHP ZIP to prevent access to sensitive files in the local server’s file system
C. Allow the execution of files in default directories
D. PHP: Disable allow_url_fopen and allow_url_include in php.ini

A

Answer: C. Allow the execution of files in default directories.

44
Q

Which of the following practices makes an organization’s web application vulnerable to server-side JS injection attacks?

A. Make sure to include “use strict” at the beginning of the function to enable the strict mode inside the function scope
B. Use code serialization
C. Ensure that user inputs are strictly validated on the server-side before processing
D. Use JSON.parse() instead of eval() to parse the JSON input

A

Answer: B. Use code serialization.

45
Q

Identify the practice that helps security experts defend an organization’s web application from external log injection attempts?

A. Allow API calls to log actions because of their visibility in browser network calls
B. Allow access to physical log files
C. Use incorrect error codes and complex error messages
D. Separate legitimate and fake log entries by using a prefix for every log entry with additional metadata

A

Answer: D. Separate legitimate and fake log entries by using a prefix for every log entry with additional metadata.

46
Q

Which of the following practices makes an organization’s web server vulnerable to log injection attacks?

A. Use correct error codes and easily recognizable error messages
B. Examine the application carefully for any vulnerability that is used to render logs
C. Control execution flow by using proper synchronization
D. Always view logs with tools having the ability to interpret control characters within a file

A

Answer: D. Always view logs with tools having the ability to interpret control characters within a file.
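
The log-injection countermeasures on this card and on card 45, as an added example that is not part of the deck: a logger that escapes CR, LF and other control characters in every user-supplied field and prefixes each entry with fixed metadata (timestamp, request ID, level), next to the naive string formatting that lets a crafted user name forge a whole second entry. A detector then flags lines that lack the prefix. The timestamps, request IDs and the injected payload are constructed.

```python
# Added example (not from the flashcard deck): log injection through an
# unsanitised field, and the escape-plus-prefix fix that defeats it.
import re

CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Every legitimate entry starts with this fixed shape (card 45, option D).
PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z req=[0-9a-f]{8} (INFO|WARN|ERROR) ")

# Constructed attacker-controlled user name: a newline followed by a fake
# successful login for "admin".
PAYLOAD = "bob\n2024-05-01T10:00:01Z INFO login success user=admin"


def sanitize(value: str) -> str:
    """Replace each control character with a visible \\xNN escape, so the
    entry stays on one line and log viewers never interpret it (card 46)."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def vulnerable_entry(raw_user: str) -> str:
    """Naive formatting: the newline in raw_user ends the entry early."""
    return f"2024-05-01T10:00:00Z INFO login failed user={raw_user}"


def safe_entry(req_id: str, level: str, message: str, **fields) -> str:
    """Fixed prefix plus sanitised key=value fields."""
    rendered = " ".join(f"{k}={sanitize(str(v))}" for k, v in fields.items())
    return f"2024-05-01T10:00:00Z req={req_id} {level} {message} {rendered}"


def lines_written(entry: str) -> list:
    """What a line-oriented log file actually receives."""
    return entry.split("\n")


def forged_lines(log_text: str) -> list:
    """Lines that do not carry the metadata prefix were not written by the
    logger; the prefix makes injected lines stand out during review."""
    return [ln for ln in log_text.split("\n") if not PREFIX.match(ln)]


def demo_vulnerable() -> list:
    return lines_written(vulnerable_entry(PAYLOAD))   # two lines, one forged


def demo_safe() -> list:
    return lines_written(safe_entry("c0ffee01", "WARN", "login failed", user=PAYLOAD))
```

The prefix helps reviewers spot an injected line, but an attacker who knows the format can imitate it; the control that actually prevents the forgery is the escaping in `sanitize`, which keeps each entry on a single line.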

47
Q

Which of the following is a WAF that can secure websites, web applications, and web services against known and unknown attacks?

A. ThreatSentry
B. Binwalk
C. OpenOCD
D. GRASSMARLIN

A

Answer: A. ThreatSentry.

48
Q

Which of the following practices helps security professionals protect an organization’s web application from broken access control risks?

A. Implement allow by default, except for public resources
B. Enforce model access control that registers ownership instead of allowing the user to modify the record
C. Retain session tokens on the server-side on user logout
D. Never use the session timeout mechanism

A

Answer: B. Enforce model access control that registers ownership instead of allowing the user to modify the record.

49
Q

Identify the security practice that helps security professionals prevent directory traversal attempts on an organization’s web application?

A. Avoid using a chroot jail for Unix-based systems
B. Host documents on the same file server
C. Allow file names with a list of known good characters
D. Process URI requests that do not lead to file requests

A

Answer: D. Process URI requests that do not lead to file requests.
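
The traversal defences on this card and the local file inclusion flaw on card 1, as an added example that is not part of the deck: the vulnerable pattern joins a user-supplied name onto the document root with no validation, so `../../etc/passwd` or an absolute path escapes the root. The hardened version allows only file names made of a list of known good characters (option C on this card), then resolves the path and confirms it is still under the root. The document root `/var/www/pages` and the file names are assumptions for the example.

```python
# Added example (not from the flashcard deck): path traversal through an
# unvalidated include, and the allowlist-plus-containment fix.
import os
import re
from pathlib import Path

# Known-good characters only: a plain file name, no separators, no dots at
# the start, no percent signs (URL-decode before validating), no NUL bytes.
# Subdirectories are deliberately not allowed.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_include(doc_root: str, name: str) -> str:
    """Card 1 pattern: the input is concatenated into a path as-is. Note that
    os.path.join discards doc_root entirely when name is absolute."""
    return os.path.join(doc_root, name)


def escapes_root(doc_root: str, name: str) -> bool:
    """What the vulnerable join would actually open, and whether that file
    lies outside the document root."""
    root = os.path.normpath(os.path.abspath(doc_root))
    opened = os.path.normpath(os.path.abspath(vulnerable_include(doc_root, name)))
    return opened != root and not opened.startswith(root + os.sep)


def safe_include(doc_root: str, name: str) -> Path:
    """Hardened version: allowlist the name, then check containment after
    '..' segments and symlinks have been collapsed."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("file name contains characters outside the allowlist")
    root = Path(doc_root).resolve()
    target = (root / name).resolve()
    # Defense in depth: even a name that passed the regex must stay under root.
    if root not in target.parents:
        raise ValueError("resolved path escapes the document root")
    return target


def is_accepted(doc_root: str, name: str) -> bool:
    try:
        safe_include(doc_root, name)
        return True
    except ValueError:
        return False
```

Option D on the card (serve URIs that do not map to file requests at all) removes the problem entirely; where a file must be opened, the two checks above are the minimum, and the containment check should stay even when the allowlist looks sufficient.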

50
Q

Which of the following practices helps security experts protect web applications from cookie/session poisoning attempts?

A. Store plaintext or weakly encrypted passwords in cookies
B. Do not implement cookie timeout
C. Never use cookie randomization to change the website or a service cookie whenever the user makes a request
D. Avoid using generators for creating session identifiers

A

Answer: D. Avoid using generators for creating session identifiers.

51
Q

Which of the following security practices helps administrators prevent web service attacks on an organization’s web server?

A. Enable the SOAPAction attribute when not in use
B. Enable WS-Addressing completely
C. Always enable the SOAPAction attribute
D. Use an XML proxy to hide internal configuration information

A

Answer: D. Use an XML proxy to hide internal configuration information

52
Q

Identify the security practice that assists software developers in protecting web applications from JavaScript hijacking attempts?

A. Disable the sub-resource integration feature for the JavaScript code
B. Maintain proper and unique URLs for each session that recovers JSON objects
C. Always build XML manually
D. Use the eval function

A

Answer: B. Maintain proper and unique URLs for each session that recovers JSON objects

53
Q

Which of the following countermeasures should be followed to defend against watering-hole attacks?

A. Never run the web browser in a virtual environment
B. Enable third-party content such as advertising services, which track user activities
C. Secure the DNS server to prevent attackers from redirecting the user to a new location
D. Use browser plug-ins that allow HTTP redirects

A

Answer: C. Secure the DNS server to prevent attackers from redirecting the user to a new location.

54
Q

Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications?

A. Hash stealing
B. Fuzz testing
C. Sandboxing
D. Session hijacking

A

Answer: B. Fuzz testing.

55
Q

Which of the following practices helps security professionals prevent SQL injection attacks and safeguard organizational data?

A. Avoid using prepared statements, parameterized queries, or stored procedures to access the database
B. Audit databases, logs, privileges, and binding terms regularly
C. Enable unused functionalities of the database
D. Use dynamic SQL or construct queries with user input

A

Answer: B. Audit databases, logs, privileges, and binding terms regularly.
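
The SQL injection defences on this card and on card 24 (input validation, a parameterized interface, and a cap on the number of records returned), as an added example that is not part of the deck: an in-memory SQLite table, a lookup built by string formatting that the classic `' OR '1'='1` payload turns into a dump of every row, and the same lookup with bound parameters, a username allowlist, and a `LIMIT`. The table contents are constructed.

```python
# Added example (not from the flashcard deck): string-built SQL versus a
# parameterized query with input validation and a result cap.
import re
import sqlite3

USERNAME = re.compile(r"[a-z0-9_]{1,32}")   # allowlist for the input field
MAX_ROWS = 50                               # cap on records returned


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users(username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    """Dynamic SQL (card 55, option D): the input becomes part of the query text."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username: str) -> list:
    """Bound parameters: the input is only ever a value, never SQL, and the
    LIMIT stops a logic error from returning the whole table."""
    sql = "SELECT username, email FROM users WHERE username = ? LIMIT ?"
    return conn.execute(sql, (username, MAX_ROWS)).fetchall()


def is_valid_username(username: str) -> bool:
    return USERNAME.fullmatch(username) is not None


def lookup_safe(conn, username: str) -> list:
    """Validation first, then the parameterized query."""
    if not is_valid_username(username):
        raise ValueError("username outside the allowed character set")
    return lookup_parameterized(conn, username)
```

Parameterization alone defeats the payload; the allowlist is defence in depth that also rejects inputs the application has no business processing, and the `LIMIT` bounds the damage of any query that is still wrong.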

56
Q

Which of the following practices helps administrators prevent server-side template injection attempts on a web application?

A. Use predefined payloads along with in-built template expressions to examine the server responses periodically
B. Ensure that the template strings and variables are always combined
C. Never execute the template inside a sandboxed environment
D. Always create templates from user inputs

A

Answer: A. Use predefined payloads along with in-built template expressions to examine the server responses periodically

57
Q

Which of the following practices helps security professionals in protecting an organization’s web application from XSS attacks?

A. Use session IDs and timestamps to prevent attackers from accessing client account information using session cookies
B. Always trust websites that use HTTPS when it comes to XSS
C. Allow untrusted HTTP request data built on the context in the HTML output
D. Never implement Content Security Policy (CSP)

A

Answer: A. Use session IDs and timestamps to prevent attackers from accessing client account information using session cookies.

58
Q

Which of the following is a web application security testing tool that allows security experts in scanning, detecting, and assessing the vulnerabilities of web applications?

A. Invicti
B. Suphacap
C. GRASSMARLIN
D. IoTVAS

A

Answer: A. Invicti.

59
Q

Which of the following practices makes web applications susceptible to sensitive data exposure attacks?

A. Classify the data processed, stored, or transmitted by an application and apply controls accordingly
B. Use obsolete hashing functions and padding techniques
C. Use AES encryption for stored data and use TLS with HSTS (HTTP Strict Transport Security) for incoming traffic
D. Use IVs and CSPRNG only when they are required to be implemented

A

Answer: B. Use obsolete hashing functions and padding techniques.

60
Q

Which of the following practices makes an organization’s web application susceptible to insufficient logging and monitoring risks?

A. Avoid using a time synchronization model for networks
B. Analyze suspicious activities such as strange device shutdown, restarting, and logging
C. Secure the log files by encoding them during transmission
D. Setup a minimum baseline for logging and ensure that it is followed for all assets

A

Answer: A. Avoid using a time synchronization model for networks.

61
Q

Which of the following practices helps security experts defend an organization’s application environment from watering hole attacks?

A. Allow users for granting additional permissions to websites
B. Avoid running the web browser in a virtual environment
C. Use web filters to detect attacks on websites and prevent browsers from accessing infected pages
D. Avoid using browser plug-ins that block HTTP redirects

A

Answer: C. Use web filters to detect attacks on websites and prevent browsers from accessing infected pages.

62
Q

Identify the security practice that assists administrators in securing web applications from cross-site request forgery attacks?

A. Allow your browser and website to save login details
B. Do not log off immediately after using a web application and do not clear the history
C. Maintain a per-request token assignment strategy, rather than a per-session token assignment
D. Avoid using CSRF tokens such as nonce tokens that are submitted through the hidden form field

A

Answer: C. Maintain a per-request token assignment strategy, rather than a per-session token assignment.
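
The token strategy on this card and on card 29 (a token embedded in the form as a hidden field), as an added example that is not part of the deck: a store that issues a fresh, unpredictable token per rendered form, binds it to the session, compares it in constant time, and consumes it on first use so the same form submission cannot be replayed. Session identifiers in the demo are constructed.

```python
# Added example (not from the flashcard deck): per-request, single-use
# CSRF tokens bound to the session and emitted as a hidden form field.
import hmac
import html
import secrets


class CsrfTokens:
    def __init__(self):
        self._outstanding = {}   # session_id -> set of unused tokens

    def issue(self, session_id: str) -> str:
        """New token for every rendered form (per-request, not per-session)."""
        token = secrets.token_urlsafe(32)
        self._outstanding.setdefault(session_id, set()).add(token)
        return token

    def hidden_field(self, session_id: str) -> str:
        """The hidden input the server embeds in the form (card 29)."""
        return (f'<input type="hidden" name="csrf_token" '
                f'value="{html.escape(self.issue(session_id))}">')

    def validate(self, session_id: str, presented: str) -> bool:
        """True once per issued token, only for the session it was issued to."""
        outstanding = self._outstanding.get(session_id, set())
        matched = None
        for token in outstanding:
            if hmac.compare_digest(token.encode(), presented.encode()):
                matched = token
                break
        if matched is None:
            return False
        outstanding.remove(matched)   # consumed: a replayed form fails
        return True


def demo() -> list:
    store = CsrfTokens()
    t_a = store.issue("session-A")
    t_b = store.issue("session-B")
    return [
        store.validate("session-A", t_a),        # fresh token, right session
        store.validate("session-A", t_a),        # already consumed
        store.validate("session-A", t_b),        # belongs to another session
        store.validate("session-B", "x" * 43),   # guessed value
    ]
```

In a real deployment the outstanding set lives in the server-side session and entries expire with it; the store should also cap the number of unused tokens per session so an attacker cannot grow it without bound.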

63
Q

Which of the following countermeasures allows security professionals to defend against web application attacks?

A. Enable commands such as xp_cmdshell
B. Connect to a database using a non-privileged account
C. Configure the firewall to allow external ICMP traffic access
D. Enable verbose error messages and use custom error pages

A

Answer: B. Connect to a database using a non-privileged account

Option D is inverted: verbose error messages leak stack traces, file paths and query fragments to the attacker. The countermeasure is to disable them and serve custom error pages, while a least-privilege database account limits what a successful injection can do.

64
Q

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested?

A. Protocol-based
B. Mutation-based
C. Generation-based
D. None of the above

A

Answer: A. Protocol-based

65
Q

Identify the practice that makes an organization’s web application vulnerable to server-side include (SSI) injection attempts?

A. Ensure that directives are confined only to the web pages where they are required
B. Implement SUExec for the execution of pages as the file owner
C. Use pages with file name extensions such as .stm, .shtm, and .shtml.
D. Apply HTML encoding to the user input before executing it on the web pages

A

Answer: C. Use pages with file name extensions such as .stm, .shtm, and .shtml.

66
Q

Which of the following practices helps security professionals prevent HTML injection attempts on a web application?

A. Ensure that user outputs are also encoded, examined, and validated along with user inputs
B. Employ security solutions that allow false positives
C. Validate all the user inputs to retain the HTML-syntax substrings from the user-supplied text
D. Disable the HttpOnly flag on the server-side

A

Answer: A. Ensure that user outputs are also encoded, examined, and validated along with user inputs

67
Q

Identify the practice that makes an organization’s web application vulnerable to HTML injection attacks.?

A. Employ security solutions that avoid false positives and detect possible injections
B. Check the inputs for unwanted script or HTML code such as <script> or <html> tags
C. Educate the developer teams along with the security teams regarding the most prevalent HTML injection attacks and their preventive measures
D. Disable the HttpOnly flag on the server side

A

Answer: D. Disable the HttpOnly flag on the server side
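
The cookie flags on this card (HttpOnly) and on card 36 (Secure), as an added example that is not part of the deck: a small parser for `Set-Cookie` headers and an audit that reports a cookie missing `Secure`, `HttpOnly` or `SameSite`, a `SameSite=None` cookie without `Secure`, and a `__Host-` prefixed cookie that does not meet the prefix's requirements (Secure, `Path=/`, no `Domain`). A builder emits a header that passes the audit. Cookie names and values are constructed.

```python
# Added example (not from the flashcard deck): auditing and building
# Set-Cookie headers for the flags that protect a session cookie.
from typing import List, Tuple


def parse_set_cookie(header: str) -> Tuple[str, str, dict]:
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val}).
    Attribute names are compared case-insensitively, as browsers do."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header: str) -> List[str]:
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by injected script")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests")
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    if name.startswith("__Host-"):
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
    return findings


def build_set_cookie(name: str, value: str, max_age: int = None) -> str:
    """Header that passes the audit; max_age gives the cookie a lifetime."""
    parts = [f"{name}={value}", "Path=/", "Secure", "HttpOnly", "SameSite=Lax"]
    if max_age is not None:
        parts.append(f"Max-Age={int(max_age)}")
    return "; ".join(parts)
```

`Secure` is what card 36 describes (the browser sends the cookie only over HTTPS); `HttpOnly` keeps it out of reach of script injected by XSS or HTML injection, which is why disabling it is the wrong answer on this card.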

68
Q

Which of the following practices helps security analysts secure their organization’s web application from CRLF injection attempts?

A. Ensure that the programming language used allows the injection of CR and LF characters
B. Avoid configuring XSSUrlFilter in the web application
C. Disable unwanted headers
D. Retain all the newline strings in the content before passing it to the HTTP header

A

Answer: C. Disable unwanted headers

69
Q

Identify the security practice that helps security experts in defending web applications from cryptographic failure attacks?

A. Generate encryption keys online and store them securely
B. Disable the auto-filling option for highly sensitive data forms
C. Avoid encrypting the data in transit using TLS
D. Never use PCI DSS compliant tokenization or truncation to remove the data

A

Answer: B. Disable the auto-filling option for highly sensitive data forms

70
Q

Which of the following security practices helps security professionals protect web applications from security misconfiguration attacks?

A. Do not add unnecessary features, components, samples, and frameworks to the application
B. Never set the “secure” flag on all sensitive cookies
C. Use the same credentials for each phase such as development, testing, and production
D. Non-SSL requests to web pages should not be redirected to the SSL page

A

Answer: A. Do not add unnecessary features, components, samples, and frameworks to the application

71
Q

Which of the following practices assists security experts in defending web applications against insecure deserialization attacks?

A. Enforce the deserialization of domain objects
B. Monitor the process of deserialization to detect constant deserialization by a user
C. Enforce serialization for security-sensitive classes
D. The deserialization of trusted data must not cross a trust boundary

A

Answer: B. Monitor the process of deserialization to detect constant deserialization by a user

72
Q

Which of the following practices helps security analysts prevent unvalidated redirects and forwards on a web application?

A. Disable notification pop-up pages while redirecting users to a new web page
B. Never implement the use of absolute and relative URLs during redirection
C. Implement token ID verification for redirecting web pages
D. Allow URL as a user input for the destination

A

Answer: C. Implement token ID verification for redirecting web pages

73
Q

Identify the practice that makes web applications susceptible to external password reset attacks?

A. Avoid sending a temporary password via the registered email address; instead reset the password directly
B. Perform proper validation of random token and email link combinations before executing the request
C. Use advanced multi-factor authentication (MFA) techniques
D. Ensure that all password reset URLs are used only once and set an expiry time limit

A

Answer: A. Avoid sending a temporary password via the registered email address; instead reset the password directly

74
Q

Which of the following practices helps security professionals secure web applications from same-site attacks?

A. Avoid using dangling domain records as a validation mechanism
B. Disable DNS misconfiguration verification and validation process
C. Never educate users on CNAME DNS entry verification and its impacts
D. Duly update DNS records on the corresponding DNS server

A

Answer: A. Avoid using dangling domain records as a validation mechanism