Certified Application Security Engineer JAVA Practice Test 1
Question 1 of 50
1. Question
An HttpSession can be invalidated with the invalidate() method
Input validation in servlet filters in a Java web application is effective because servlet filters are centralized in nature, so only minor modifications are needed for input validation
Incorrect
Input validation in servlet filters in a Java web application is effective because servlet filters are centralized in nature, so only minor modifications are needed for input validation
Functional requirements are __ requirements specifying what the software should do
Correct
Functional requirements are the positive requirements specifying what the software should do
Question 9 of 50
9. Question
__ attack exhausts available server resources by sending hundreds of resource-intensive requests such as pulling out large image files or requesting dynamic pages that require expensive search operations on the backend of database servers
Correct
DoS attacks exhaust available server resources by sending hundreds of resource-intensive requests
Question 10 of 50
10. Question
Which out of DES and AES (128 bit and above) is a strong symmetric algorithm?
There is no need for patching and updating the web server regularly
Correct
False. Not deploying patches and updates to the web server regularly can allow attackers to run malicious code or intrude into the server
Question 12 of 50
12. Question
__ attacks exploit vulnerabilities in dynamically generated web pages, which enable malicious attackers to inject client-side script into web pages viewed by other users
Correct
Cross-site scripting attacks exploit vulnerabilities in dynamically generated web pages
Question 13 of 50
13. Question
Always configure SSL for web applications in order to protect session IDs from prying eyes
Correct
True. Set SSLEnable="true" in the server.xml to use SSL and avoid MITM attacks
Question 14 of 50
14. Question
An application is said to be secure when it ensures __ of its restricted resources.
Correct
Remember the Confidentiality, Integrity and Availability (CIA) Triad
Question 15 of 50
15. Question
In Java, logging frameworks are provided by the package __ and are used to write log messages to a central location
__ allows attackers to access restricted directories, including application source code, configuration files and critical system files, and to execute commands outside the web server's root directory
Correct
In a Directory Traversal attack, attackers manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations
Question 19 of 50
19. Question
Security requirements are __ requirements specifying what the software should not do
Correct
Security requirements are negative requirements specifying what the software should not do
__ is aimed at maliciously changing or modifying persistent data
Correct
Tampering is aimed at maliciously changing or modifying persistent data, such as persistent data in a database, or altering data in transit between two computers over an open network such as the internet
Question 22 of 50
22. Question
__ is aimed at illegally accessing and using another user's credentials
Correct
Spoofing is aimed at illegally accessing and using another user's credentials, such as username and password
Question 23 of 50
23. Question
A successful application level attack may result in:
Correct
A successful application level attack may result in: Financial Loss, Disclosure of Business Information, Affected Business Continuity, Closure of Business, Damaged Reputation, Fraudulent Transactions
Question 24 of 50
24. Question
Always prefer whitelisting over blacklisting
Correct
True. Whitelisting takes more of a trust-centric approach and is considered to be more secure
Question 25 of 50
25. Question
The main purpose of __ is to verify a user’s access to a protected segment of the web application
False. Checked Exceptions are compile-time exceptions and can be handled by programmers
Question 28 of 50
28. Question
You should remove the server banner from Tomcat
Correct
True. The Server Banner gives out the product and version details, which leads to an information disclosure vulnerability
Question 29 of 50
29. Question
__ is one of the software security assurance approaches to identify security-related weaknesses in the code.
Correct
Static Application Security Testing, also known as Secure Code Review, involves detailed systematic inspection of source code to detect vulnerabilities and design flaws.
Question 30 of 50
30. Question
A __ attack involves manipulation of parameters exchanged between client and server in order to modify application data such as user credentials and permissions, or the price and quantity of products
Correct
A parameter tampering attack exploits vulnerabilities in integrity and logic validation mechanisms that may result in XSS, SQL Injection, etc.
Question 31 of 50
31. Question
You should set the secure attribute of the cookie in web.xml to true
__ is the last phase of the software development lifecycle, where the application is moved from the development environment to the production environment
Correct
Deployment is the last phase before the product is deployed in production
Question 36 of 50
36. Question
Once security requirements are correctly understood, they can help in implementing security in __ stages
Correct
Correctly understood security requirements can help in implementing security in the design, development and testing stages. This can save billions of dollars compared with addressing security at a later phase of software development
Question 37 of 50
37. Question
In which phase of SDLC should you use SAST?
Correct
SAST must be used in the Development phase of the SDLC
Question 38 of 50
38. Question
To prevent client script from accessing the session cookie, set the http-only Cookie attribute to __ in the web.xml
__ attacks exploit web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests which they did not intend to send.
Correct
In a CSRF attack the user, who is the victim, holds an active session with a trusted site and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user's session
Question 41 of 50
41. Question
__ package is used for encryption and hashing in Oracle Database
The cost of fixing vulnerabilities will be highest at which phase of the SDLC?
Correct
The cost of fixing vulnerabilities increases exponentially as the SDLC progresses
Question 50 of 50
50. Question
The Struts validator framework is used to validate input on __
Correct
The Struts validator framework is used to validate input on both the user browser and the server side. It uses a utility called Commons Validator for validating input