A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?
A. Maintained session by creating a Session variable user with value stored in uname variable.
B. Maintained session by creating a hidden variable user with value stored in uname variable.
C. Maintained session by creating a HTTP variable user with value stored in uname variable.
D. Maintained session by creating a Cookie user with value stored in uname variable.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Identify the type of attack depicted in the following figure.
A. Denial-of-Service Attack
B. Session Fixation Attack
C. Parameter Tampering Attack
D. SQL Injection Attacks
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
A
US-based ecommerce company has developed their website www.ec-sell.com to sell their products online.
The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to
http://www.ec-sell.com/products.jsp?val=200 OR
'1'='1 -. The product.jsp page is vulnerable to
A. SQL Injection attack
B. Session Hijacking attack
C. Cross Site Request Forgery attack
D. Brute force attack
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?
A. < int-param > < param-name>directory-listinqs < param-value>true < /init-param >
B. < int param > < param-name>directorv-listinqs < param-value>false < /init-param >
C. < int-param > < param-name>listinqs < param-value>false < /init-param >
D. < int-param > < param-name>listinqs < param-value>true < /init-param
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp
< form Id="form1" method="post" action="SearchProperty.jsp" >
< input type="text" id=''txt_Search" name="txt_Search" placeholder="Search Property..." / >
< input type="Submit" Id="Btn_Search" value="Search" / >
< /form >
However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
A. He should write code like out.write (("You Searched for:" +(search));
B. He should write code like out.write ("You Searched for:" + request.qetParameterf'txt Search"));
C. He should write code like out.write ("You Searched for:" + request.qetParameter("search"l.toStrinq(ll;
D. He should write code like out-Write ("You Searched for:" +ESAPI.encoder().encodeForHTML(search));
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
吉川** -
解釈でわかりやく内容を明示。つまづきやすいポイントをフォローしてくれてる。合格力が効率的に身に付きます。そういうところもやはりPass4Test素敵だと思う点です