A) Error
B) Blind
C) Scripted
D) Query
Gathering information from the database through true or false statements is called BLIND.
Gathering information from the database through error statements is called ERROR.
A) Security flaw
B) Loop hole
C) Bug
D) Attack
A vulnerability is a security flaw or loophole in the development of an application or program or in
the security team
A) 1="1"--
B) "1"="1"#
C) 1'='1'
D) 1=1
A) Infrastructure
B) Testing
C) Authentication
D) Authorization
The security testing team tests the infrastructure, authentication and authorization processes to ensure
security.
A) Html
B) Java
C) JavaScript
D) Python
It is a scripting attack; we use JavaScript for this attack.
A) DOM
B) Reflected
C) Cross site
D) Requested
Reflected is an attack which is executed for a certain period of time.
A) Client side
B) Server side
C) User based
D) System based
This attack is performed on the client side.
A) Cyber Threats
B) Crimes
C) Business impacts
D) Security impacts
A) Low privilege
B) High privilege
C) User privilege
D) Admin privilege
A) Ransomware
B) Phishing
C) Password guessing
D) Password Enumeration
A) 3
B) 5
C) 6
D) 2
Error based
Authentication bypass
blind
A) Application Security
B) Domain Security
C) Internet Security
D) Web Security
A) Authorized Hackers
B) Unauthorized Hackers
C) Scripted Hackers
D) Grey-Hat Hackers
A) A1
B) A2
C) A3
D) A4
B) client-side operation
D) server-side operation
A) Injections prevention
B) Input prevention
C) Input validation
D) Output validation
A) Exposing data
B) Exposing Unauthorized data
C) Exposing information
D) Exposing URL
A) Verification of Data
B) Improper Function of Application
C) Verification Monitoring Failure
D) Improper Implementation of Logging and logout
A) Spear
B) Vishing
C) Mail
D) Account
A) Login phishing
B) Password phishing
C) User phishing
D) Whaling
A) Input validation
B) Output validation
C) Data sanitization
D) Prevention of untrusted data from database
A) 402
B) 200
C) 99
D) 2000
A) Ok
B) Bad request
C) Unauthorized
D) Forgery request
Q33) Cross-Site Request Forgery needs a client application to be done -
A) True
B) False
A) Knowledge on VAPT
B) Knowledge and working methodologies of VAPT
C) Knowledge and working operations of VAPT
D) NONE OF THE ABOVE
A) Physical testing
B) Manual testing
C) Automation testing
D) Security testing
A) Security Flaws
B) Security Misconfigurations
C) Human Error
D) All the above
A) OpenVAS
B) OWASP
C) sqlmap
D) White box
A) Brute force
B) Guessing
C) Password Enumeration
D) Foot printing
A) Brute force
B) Phishing
C) CSRF
D) All the above
A) Cryptography
B) Encryption
C) Decryption
D) Hiding data
A) O.T.P
B) Password
C) Login
D) User
A) Authentication
B) Authorization
C) Business logic issues
D) Sensitive data exposure
A) SQL Injection
B) CSS injection
C) XML injection
D) Template injection
A) Bearer token
B) Custom
C) Basic auth token
D) None
A) Yes
B) No
If yes, mention the reason
A) Yes
B) No
C) Mention detailed explanation of information type.
User interests, logs, session details,
Q51) Write down the complete authentication process life cycle with a real-time application as an example
Q55) Write down the steps for securing a web and mobile application to prevent vulnerabilities
using prevention and mitigation techniques
26) What is a network?
A connection of multiple devices to ensure communication is called a NETWORK.
33) What is IP?
It is the identification of the device on the network.
45) What is the difference between vulnerability assessment and penetration testing?
VA is the process of identifying and understanding vulnerabilities and prioritizing them based on their
effect/impact.
PT is the process of penetrating the networks & systems for security testing.