APUS Cyber Security And Cryptography Questions

APUS Cyber Security And Cryptography Questions

Description

Cryptography and Application Security 

1. Code Access Security (CAS) is implemented by carrying out AuthZ on pieces of code to determine whether that particular code should be allowed to run with the desired capabilities or not. If this is a true statement, which of the following statements are FALSE?

a. Prevents the files, images and other documents uploaded by the user from carrying out malicious actions

b. To place potential malicious code in a “Sandboxed” environment to prevent damage if it gets triggered to activate by a C2C command

c. Prevent malicious users from gaining access to the web application

d. To prevent certain potential portions of the application code from being executed in case the web server is compromised

2. The process by which the data owner grants access rights is called

a. Role-Based Access Control

b. Rule-Based Access Control

c. Discretionary Access Control

d. Preferential Access Control

3. The secret random-number-based password used for authentication is called

a. Security Token

b. Digital Signature

c. Digital Certificate

d. PIN

4. The process by which a user is granted access to multiple applications based on validation on a single interface is called

a. Digest Access Authentication

b. Single Sign-On Authentication

c. Custom Authentication

d. Built-in HTTP Authentication

5. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. To prevent attacks at the database level, which is the best method that you would insist your web development team follow?

a. Implement proper validation of the data that is input by the user at the application level to remove any special characters and build the database query

b. Use of carefully mapped functions that are required to be carried out by the application into custom-developed stored procedures with the database query

c. Ensure proper logging of all the database queries that are being filed against the database server for monitoring and forensic analysis

d. Implement a custom query generator at the application level by allowing users to select the functionality that needs to be searched from the database for easy use.

6. Basic Access and Digest Access-based authentication for websites is part of

a. Single Sign-On Authentication

b. Custom Authentication

c. Built-in HTTP Authentication

d. PKI Based Authentication

7. The Digest Access Authentication system is said to be under which of the following attacks when it is tricked into reverting to Basic authentication or older methods?

a. SQL Injection

b. Cross-Site Scripting Attack

c. Man-in-the-Middle attack

d. Password Fuzzing

8. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. Your development team, who are implementing Authorization within the business logic of the application, are in a dilemma over selecting the correct method(s) to implement. They come to you for advice. What would you recommend to them, given that they have a small but talented team of developers? (Select all the applicable, correct answers)

a. Use of built-in frameworks for implementing authorization provided by the development platforms

b. Implement available OAuth/BBAuth etc. open-source plugins in addition to those provided by the built-in framework for added security

c. Development of a custom logic framework for carrying out the authorization at the business logic level

d. Outsource the complete development of authorization to a third-party vendor, undertake quality checks on the developed module, and use the API calls.

9. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. Your development team is implementing Authentication & Authorization for a new service line that your organization is planning to launch: an online shopping portal for a women's clothing line. They come to you for advice regarding the best possible methodology to be followed. What would your recommendation to them be, keeping the overall objective of your organization and the cyber security of the website in mind?

a. Implement Customer Identity Access Management solution across the board

b. Get the best Identity & Access Management solution to ensure the authorized persons only have access to the portal

c. Carry out hardening of the base OS of the web server and ensure that file-level access is controlled and monitored.

d. Implement Social Login using popular social media sites like Facebook, Twitter, etc., and make it easy for the clients to access the site and do shopping.

10. The principle of Least Privilege is implemented by which of the following controls 

a. Rule-Based Access Control

b. Role-Based Access Control

c. Permission-Based Access Control

d. All the above

11. The process by which a user is identified by a User ID/Name and a Password is called 

a. Role Checking

b. Authentication

c. Auditing

d. Access Control

12. Whilst parsing through the logs of your web server, you come across a peculiar command, ending in /../../../../../image.jpeg, that has been recorded. You check with your development team and have a detailed discussion. What are your thoughts on it?

a. Remote file upload has been enabled for users to share documents

b. The file name of the uploaded file is not renamed to a random name

c. The uploaded files are not saved in a different location in the server to avoid direct reference by the user in the URL

d. All the above

13. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. The development team are working on a new web application for a new service line. They come to you for advice about how to implement file upload from users safely. What will be your advice to them?

a. Undertake a whitelisting of file types that can be uploaded to avoid special files like xml, xhtml, rhtml, shtml, swf, etc.

b. Rename the file uploaded with a random name

c. Ensure input validation of the uploaded filename so that it uses an expected extension, and if ZIP files are permitted, perform a validation check before the unzip action is carried out

d. All the above

14. Which of the following keeps track of users’ activity in a Web Application?

a. Authentication

b. Authorization

c. Authoring

d. Accounting

15. Which of the following prevents a user from denying they accessed a specific resource?

a. Authorization

b. Authentication

c. Auditing

d. Non-Repudiation

16. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. Your development team approaches you with details of how they are implementing session management. During discussions, the following different session ID options emerged. What will be your advice to them?

a. JSESSIONID

b. ASP.NET_SessionId

c. PHPSESSID

d. Id

17. You are the Subject Matter Expert (SME) in your organization for all aspects pertaining to Cyber Security. Your development team came across a strategy that should be followed whilst implementing Session Management. They approach you with the list given below; help them identify the statement which is NOT correct with respect to session management.

a. Session ID must be an unpredictable random number of at least 64 bits in length

b. Session ID entropy is affected by the length of the ID and the quality of the PRNG, which is used.

c. Factors like the number of concurrent active sessions the web application has and absolute session expiration timeout do not affect the session ID entropy

d. Session ID must be long enough to prevent a brute force attack where an attacker can generate all the values the ID can take and check if a valid session exists

18. When helping your development team implement Session Management, which of the following implementation methods allows the definition of advanced token properties such as expiration date and time or granular usage constraints?

a. URL arguments on GET requests

b. Body arguments on POST request

c. URL Parameters / URL Rewriting

d. Cookies (Standard HTTP header)

19. In an environment you find that most browser settings are set to disable cookies due to security reasons. In such a scenario, which would be the best option that you would recommend for your team to use for session management?

a. Standard HTTP header

b. URL encoding

c. Web forms with hidden fields

d. HTTP Digest Authentication

20. Which of the following cookie will be deleted after you close your browser?

a. Persistent Cookie

b. Session Cookie

c. Server-side Cookie

d. Client-side Cookie

21. To prevent session fixation and further hijacking, what would you recommend to your developer team to implement with respect to the expiration value for persistent cookies?

a. < 30 minutes

b. >30 minutes

c. No expire

d. Do not have persistent cookies at all

22. The SameSite attribute is used to mitigate

a. Injection Attacks

b. XSRF Attacks

c. XSS Attacks

d. Man-in-the-middle Attacks

23. You are the Security Professional in charge of designing the security measures needed for implementing the Web Application Authorization and Session Management function. Your development team is contemplating the server-side or client-side session management methods. They discuss the features of client-side session management as given below. Which of the following statements are NOT correct?

a. Most of the session state information is stored on the client-side when the need for data transmission between the client and server is less

b. The session state information is stored on the client-side in the form of cookies.

c. To implement client-side session management, the client must ensure the CIA of the data is protected

d. The session data is encrypted using the client and server keys which are exchanged during the start of session establishment

24. You are the Security Professional in charge of designing the security measures needed for implementing the Web Application Authorisation and Session Management function. Your development team discusses the features of Opaque tokens as given below.

Which of the following statements are NOT correct?

a. The Opaque tokens are randomly generated strings that contain the information in an encrypted form and signed by the authorization server

b. You will need to implement a database or cache lookup every time they are used

c. Opaque tokens are held by the server that issues them and the client with which the communication has been established

d. To validate the opaque token, the client needs to call the server that issued it

25. You are the Security Professional in charge of designing the security measures needed for implementing the Web Application Authorisation and Session Management function. Your development team is contemplating the server-side or client-side session management methods. They discuss the features of server-side session management as given below.

Which of the following statements are NOT correct?

a. Most of the session state information is held on the server in order to reduce the data transmission between the client and server

b. Most of the session state information is held on the server as well as the client side in order to reduce the data transmission between the client and server 

c. The server-side session management can store large amounts of data pertaining to state information that can be accessed easily by the server

d. The server-side session state data is stored in a file or database in the server

26. When attackers can analyze the pattern in the SIDs created by the service to guess a valid SID and gain access, this is called

a. Session Hijacking

b. Session Sniffing

c. Session Prediction

d. Session Fixation

27. What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?

a. Broken Authentication and Session Management

b. Cross-Site Scripting

c. Insecure Direct Object References

d. Security Misconfiguration

28. What is the attack that exploits the trust factor between the server and the user’s browser?

a. Cross-Site Scripting

b. Session Hijacking

c. SQL Injection

d. Session Poisoning

29. When the attacker creates a fixed SID and tricks a legitimate user into using that fixed SID, this is called

a. Session Hijacking

b. Session Sniffing

c. Session Poisoning

d. Session Fixation
