250+ TOP MCQs on Application Security and Answers

RDBMS Multiple Choice Questions on “Application Security”.

1. If an attacker manages to get an application to execute an SQL query created by the attacker, then such attacks are called as _________
a) SQL attacks
b) SQL injection attacks
c) SQL usage attack
d) SQL destroyer attack

Answer: b
Clarification: If an attacker manages to get an application to execute an SQL query created by the attacker, then such attacks are called as SQL injection attacks.

2. An attack on a website that stores and displays text to a user is known as ______ attack
a) SQL attack
b) XSS attack
c) XRP attack
d) None of the mentioned

Answer: b
Clarification: An attack on a website that stores and displays text to a user is known as XSS attack. It is called as cross site scripting attack.

3. The URL of the page that had the link that the user clicked to access the page is called as _____
a) Source
b) Linker
c) Leaker
d) Referrer

Answer: d
Clarification: The URL of the page that had the link that the user clicked to access the page is called as referrer. The HTTP protocol allows the server to check the referrer.

4. State true or false: Password leakage is a major security problem
a) True
b) False

Answer: a
Clarification: Password leakage is a major security problem because the leaked password grants access to malicious visitors.

5. The system where two independent pieces of data are used to identify a user is called as ______
a) Two system authentication
b) ID password authentication
c) Two factor authentication
d) Multi data authentication

Answer: c
Clarification: The system where two independent pieces of data are used to identify a user is called as two-factor authentication. The two factors should not share a common vulnerability.

6. What are man in the middle attacks?
a) Users are forced to use a second server which causes the attack
b) Users are forced to divert to a fake site where the attack takes place
c) Users are fooled by similar GUI and data is extracted from them.
d) None of the mentioned

Answer: b
Clarification: Man in the middle attacks are those attacks in which the users are forced to divert to a fake site where the attack takes place. The fake site is then used to obtain the data from the user.

7. What are phishing attacks?
a) Users are forced to use a second server which causes the attack
b) Users are forced to divert to a fake site where the attack takes place
c) Users are fooled by similar GUI and data is extracted from them.
d) None of the mentioned

Answer: c
Clarification: Phishing attacks are those attacks in which users are fooled by similar GUI and data is extracted from them. The fake site is then used to obtain the data from the user.

8. What is the standard for exchanging authentication and authorization information between two different security domains?
a) SABM
b) STML
c) SPTA
d) SAML

Answer: d
Clarification: SAML (Security assertion Markup Language) is the standard for exchanging authentication and authorization information between two different security domains. This provides a cross-organization sign-on.

9. A log of all changes to the application data is called as __________
a) Audit trail
b) Audit log
c) Audit lead
d) Data log

Answer: a
Clarification: A log of all changes to the application data is called as audit trail. This helps us maintain security as it tracks all the breaches on the system.

10. Which of the following is a valid encryption technique?
a) Parallel key encryption
b) Public key encryption
c) Systematic key encryption
d) All of the mentioned

Answer: b
Clarification: Out of the given options, only public key encryption is a valid approach to an encryption technique. In this, there are two different keys to encrypt the data.

Leave a Reply

Your email address will not be published. Required fields are marked *