Computer System Security quiz 9 soluton

 

computer system security quiz 9 solution

Q:1. Which of the following is correct for CSRF attack?

1.It tricks user to send malicious request to server.

2.Cookie can be used in CSRF attack

3.Both 1 and 2

4.None of the mentioned above

Answer :- Both 1 and 2

Reason:- Using a cookie to provide the CSRF token to the client does not allow a successful attack because the attacker cannot read the value of the cookie and therefore cannot put it where the server-side CSRF validation requires it to be , and Cross-site request forgery attacks (CSRF or XSRF for short) are used to send malicious requests from an authenticated user to a web application

Q:2. One of the ways to prevent CSRF attack is that you should use _____ validation.

1.Referrer

2.CSRF token

3.browser

4.Both 1 and 2

Answer:- Both 1 and 2

Reason:-  Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user

Q:3. Some of the vulnerability of a websites is/are ?

1.SQL Injection

2.CSRF

3.Cross Side Scripting

4.All of the above

Answer:- (d) All of the above .

Reason:- A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets

Q:4. _________ is a attack in which the script is stored permanently on server.

1.Stored XSS

2.Reflected XSS

3.DOM based attack

4.All of the above

Answer:- (a) Stored xss

Reason:- Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.

Q:5. Which of the following is true for DOM-based XSS attack ?

1.Set the HttpOnly flag in cookies

2.Ensure that session IDs are not exposed in a URL

3.payload can not be found in response

4.None of the above

Answer:- (c) payload can not be found in response.

Reason:- DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim's browser used by the original client side script, so that the client side code runs in an “unexpected” manner.