Chapter 1 - Information Security Overview Page | 25
a. Set of privileges.
b. Set of groups.
c. Set of users.
d. Set of credentials (user names, passwords).
9. When handling input according to the black list approach, we:
a. Grant only valid patterns.
b. Reject only malicious patterns.
c. Allow users with the right credentials (user name, password).
d. All the above.
10. The following input rule list:
Deny all;
Accept integer numbers;
Accept negative numbers;
is applying:
a. Black list approach
b. White list approach
c. Sanitization approach
d. All the above
11. Which of the following operations is a sanitization operation?
a. "Noting that x < y in this equation" is converted to "Noting that x &lt; y in this equation".
b. "The moon looks shiny today." is converted to "/The/moon/looks/shiny/today".
c. Goto google <script>location('http://google.com');</script> is converted to Goto google <script>location(/'http://google.com');</script>
d. None of the above.
12. In input handling:
a. It is enough for the sent input to be of the right type and contain no special characters.
b. It is enough to check each request separately to be sure there is no malicious activity.
c. It is enough to sanitize the request content once to be sure that no attack will take place.
d. None of the above.
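The following Python is an added worked example, not part of the original chapter, illustrating the distinction behind questions 9 through 12: a white list that denies everything except the patterns in question 10 (integers, including negative ones), a black list that rejects only known-bad patterns and therefore lets unforeseen payloads through, the HTML entity encoding of question 11a as a sanitization step, and a business-rule check on top of the type check, which is why question 12 answers "none of the above". The black list patterns, the sample inputs and the quantity range are constructed assumptions for the example.

```python
import html
import re

# White list (question 10): deny all, then accept only integers, including
# negative ones. [0-9] rather than \d so Unicode digits are not accepted;
# fullmatch so trailing characters such as "42\n" are rejected.
INTEGER = re.compile(r"-?[0-9]+")


def whitelist_accept(value: str) -> bool:
    """Deny all; accept integer numbers; accept negative numbers."""
    return INTEGER.fullmatch(value) is not None


# Black list (question 9b): accept everything except patterns known to be
# malicious. The pattern set is an assumption made for this example.
BLACKLIST = [
    re.compile(p, re.IGNORECASE)
    for p in (r"<script", r"javascript:", r"'", r"--")
]


def blacklist_accept(value: str) -> bool:
    """Reject only inputs that match a known malicious pattern."""
    return not any(p.search(value) for p in BLACKLIST)


def sanitize_html(value: str) -> str:
    """Sanitization operation of question 11a: encode HTML metacharacters
    so that '<' becomes '&lt;' and the text can no longer start a tag."""
    return html.escape(value, quote=True)


def parse_quantity(value: str, low: int, high: int) -> int:
    """Question 12: being of the right type with no special characters is
    not enough; the value must also satisfy the application's own rules
    (here an assumed allowed range)."""
    if not whitelist_accept(value):
        raise ValueError(f"rejected by white list: {value!r}")
    number = int(value)
    if not low <= number <= high:
        raise ValueError(f"out of range: {number}")
    return number


if __name__ == "__main__":
    # Constructed sample inputs for the example.
    samples = [
        "42",
        "-7",
        "4 2",
        "1e3",
        "<script>alert(1)</script>",
        "<img src=x onerror=alert(1)>",   # passes the black list
        "%3Cscript%3E",                   # URL-encoded, passes the black list
    ]
    for sample in samples:
        print(f"{sample!r:36} whitelist={whitelist_accept(sample)!s:5} "
              f"blacklist={blacklist_accept(sample)}")
    print(sanitize_html("Noting that x < y in this equation"))
    print(parse_quantity("42", 1, 100))
```

Running the block shows the black list accepting the `onerror` and URL-encoded payloads that the white list rejects, which is the practical reason the white list approach is preferred: the white list only has to describe the small set of valid inputs, while a black list has to anticipate every malicious one.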
Answer key

Question | Answer
1 | d
2 | c
3 | d
4 | d
5 | c
6 | b
7 | d
8 | a
9 | b
10 | b
11 | d
12 | d
13 |
14 |
15 |