Your application sets a cookie with the Secure attribute. What does this mean?
The cookie cannot be accessed by JavaScript
The cookie will not be sent cross-domain
The client will send the cookie only over an HTTPS connection
2. Multiple Choice
30 seconds
1 pt
Your web page includes advertising JavaScript from a third-party service. Is it safe to assume that problems like XSS, caused by this third-party JavaScript, are not technically possible on your web page?
Yes, if you validate the JavaScript before you deploy it on your page
No
3. Multiple Choice
30 seconds
1 pt
Can all SQL queries be made safe using prepared statements?
Yes
Yes, if both the server and the client support prepared statements
No, dynamically created specifiers like "LIMIT ?" etc. need separate validation
4. Multiple Choice
30 seconds
1 pt
Is placing user-submitted data into a typical HTML document always safe (XSS-wise) if you escape the HTML-specific characters <, >, &, ', " in the user input, i.e. you use the htmlspecialchars() function in PHP (with ENT_QUOTES)?
Yes
No, context-specific escaping is needed
5. Multiple Choice
30 seconds
1 pt
Which type of encryption poses challenges to key transport?
Asymmetric-key encryption
Hash encryption
Symmetric-key encryption
Diffie-Hellman
6. Multiple Choice
30 seconds
1 pt
In relation to security, which of the following is the primary benefit of classifying systems?
Ability to identify common attacks
Identification of highest-priority systems to protect
Ability to recover quickly from a natural or man-made disaster
Collection of information for properly configuring the firewall
7. Multiple Choice
30 seconds
1 pt
How do activity logs help to implement and maintain a security plan?
Activity logs provide advice on firewall installation, because they enable network baseline creation.
Activity logs remind users to log on with strong passwords, because the logs can be analyzed to see if users are complying with policy.
Activity logs allow you to determine if and how an unauthorized activity occurred.
Activity logs dissuade would-be hackers from breaching your security.