Web application security - the fast guide 1.1 | Page 25

Chapter 1 - Information Security overview
a. Set of privileges.
b. Set of groups.
c. Set of users.
d. Set of credentials (user names, passwords).

9. When handling input according to the black list approach we:
a. Grant only valid patterns.
b. Reject only malicious patterns.
c. Allow users with the right credentials (user name, password).
d. All the above.

10. The following input rules list: "Deny all; Accept integer numbers; Accept negative numbers;" is applying:
a. Black list approach.
b. White list approach.
c. Sanitization approach.
d. All the above.

11. Which of the following operations is a sanitization operation?
a. "Noting that x < y in this equation" is converted to "Noting that x &lt; y in this equation".
b. "The moon looks shiny today." is converted to "/ The / moon / looks / shiny / today".
c. Goto google <script>location('http://google.com');</script> is converted to Goto google <script>location(/'http://google.com');</script>.
d. None of the above.

12. In input handling:
a. It is enough to have the sent input of the right type and with no special characters.
b. It is enough to have each request checked separately to ensure there is no malicious activity.
c. It is enough to sanitize the request content once to be sure that no attack will take place.
d. None of the above.
Answers key

Question  Answer
1         d
2         c
3         d
4         d
5         c
6         b
7         d
8         a
9         b
10        b
11        d
12        d
13
14
15