Web application security - the fast guide 1.1 | Page 24

Chapter 1 - Information Security Overview

1.7 QUIZ

1. Which of the following is not considered a security breach?
   a. Unauthorized access to data
   b. Affecting the availability of an operational web site
   c. A third party altering data sent in a message
   d. None of the above

2. The most important part of an information system is:
   a. Hardware
   b. Operating system
   c. Data
   d. Application

3. In a layer-based security model:
   a. A remote user can directly access data without bypassing checks in the network layer
   b. Security cannot be affected by compromising only the network layer
   c. Data cannot be accessed if the application layer is not compromised
   d. Compromising a layer does not necessarily mean that data is disclosed

4. Session management is a must to:
   a. Preserve state between different requests
   b. Preserve the token related to user privileges between different requests
   c. Preserve information in a session structure on the server side
   d. All of the above

5. Which of the following is true about session information?
   a. All session information is stored on the client as a cookie
   b. Session information is sent with each request to the server
   c. The server tracks user requests through the session ID value
   d. Session information expires immediately after the request is received from the user

6. Authentication is about:
   a. Checking user privileges
   b. Checking user identity
   c. Checking user state
   d. None of the above

7. Which is more secure for online authentication?
   a. Authentication with biometrics
   b. Authenticating with user name and password
   c. Using a one-time password PIN
   d. Using a combination of more than one authentication method

8. Roles in authorization normally reflect: