24) Which of the following actions should you take before implementing a custom authentication and session management system? (Choose two.)
A. Find out if a suitable framework component already exists.
B. Find out if you can use a small extension to an existing component to implement the system.
C. Find out if form variables are available to store data.
D. Find out if you need to use session-based indirection.
AB

26) Which of the following functionalities should you include in an authentication and session management system? (Choose two.)
D. Forwarding system functionality
AB

31) Which of the following are authentication system mandatory requirements? (Choose three.)
B. Use a GOTCHA to prevent automated attacks.
C. User logout and session inactivity are required.
D. Session IDs are only accepted from cookies and parameter variables.
E. Credentials are always protected with encryption or cryptographic salting and hashing.
ACE

32) A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements? (Choose two.)
A. It should identify returning users to the site.
B. It should be used as a replacement for a user's credentials.
C. It should always use a persistent cookie.
D. It should always use a non-persistent cookie.
BD

34) Which of the following tasks are performed by a session-based system? (Choose two.)
B. Providing access to restricted resources
D. Sending successful logins to a well-known location
AB

36) Which of the following objects are most susceptible to an insecure direct object reference attack? (Choose two.)
D. GET/POST parameters
AB

37) Which of the following vulnerabilities are most likely to occur due to an insecure direct object reference attack? (Choose two.)
C. Modifying SQL data pointed to by the query.
E. Accessing a resource without authorization.
DE

38) Which of the following are the best ways to mitigate the threat of an insecure direct object reference attack? (Choose two.)
B. Use POST parameters instead of GET parameters.
C. Perform an access check each time a resource identifier arrives as input.
D. Send successful logins to a well-known location instead of automatic redirection.
AC

41) Which of the following threats are most likely to be caused by poor input validation? (Choose three.)
E. Insufficient transport layer protection
ABC

43) Which of the following are the most common results of a cross-site request forgery? (Choose three.)
E. Misconfigured or disabled security features
ABC

49) Which of the following are most often associated with a security misconfiguration threat? (Choose two.)
D.