Quiz 5 Flashcards
What is the main focus of the OWASP Top 10 list?
Network security issues
Web application security risks
Mobile security vulnerabilities
Physical security threats
Web application security risks
Which of the following is an OWASP Top 10 category?
Malware
Phishing attacks
Injection
Denial of Service (DoS)
Injection
IMPORTANT Which OWASP Top 10 category deals with improper handling of user authentication?
Security Misconfiguration
Cross-Site Scripting (XSS)
Broken Access Control
Broken Authentication
Broken Access Control
Which OWASP Top 10 risk focuses on security failures related to API keys, credentials, or sensitive data?
Injection
Cryptographic Failures
Vulnerable and Outdated Components
Security Misconfiguration
Cryptographic Failures
IMPORTANT What OWASP Top 10 risk is primarily associated with unvalidated or unsanitized user input, often leading to malicious code execution?
Injection
Security Misconfiguration
Cross-Site Scripting (XSS)
Cryptographic Failures
Injection
Which of the following describes the OWASP Top 10 risk “Cryptographic Failures” (formerly Sensitive Data Exposure)?
Allowing long-term session tokens
Incorrect logging of user activity
Failing to limit file upload size
Using deprecated cryptographic algorithms
Using deprecated cryptographic algorithms
The OWASP Top 10 risk “Security Misconfiguration” often occurs when:
Passwords are stored in plaintext
Input is not validated
Logging is turned off
Default settings or configurations are used
Default settings or configurations are used
What is the key concern of the OWASP Top 10 (2021) risk “Vulnerable and Outdated Components”?
Poor encryption implementation
Misuse of object serialization
Lack of input validation
Use of unpatched or outdated software components
Use of unpatched or outdated software components
Which OWASP Top 10 category does the following security vulnerability belong to?
pstmt.setString(1, request.getParameter("acct"));
ResultSet results = pstmt.executeQuery();
https://example.com/app/accountInfo?acct=notmyacct
Broken Access Control
Which of the following best mitigates the risk of “Broken Access Control” as described in OWASP Top 10?
Enforcing least privilege and role-based access control (RBAC)
Validating user input to prevent injection attacks
Implementing Multi-Factor Authentication (MFA)
Using Content Security Policy (CSP) headers
Enforcing least privilege and role-based access control (RBAC)