Computer system security quiz 9 Solution | Css quiz week 9 Answer with Reason | css quiz aktu
Computer System Security Quiz week 9 Solution
Q:1. Which of the following is correct for CSRF attack?
3. Both 1 and 2
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, Windows domain credentials, and so forth.
Q:2. One of the ways to prevent CSRF attack is that you should use _____ validation.
4. Both 1 and 2
To stay safe from Cross-Site Request Forgery (CSRF) attacks, use the most widely recommended prevention technique: an anti-CSRF token, also sometimes referred to as a synchronizer token.
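The synchronizer-token check described above, as an added example that is not part of the original quiz solution. The function names, the in-memory session store and the request shape are assumptions made for illustration.

```javascript
// Added example: server-side synchronizer (anti-CSRF) token check.
// All names here are hypothetical; the sample requests are constructed.
const crypto = require("crypto");

// Methods that must not change state and therefore need no token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Server-side session store, keyed by the session id carried in the cookie.
const sessions = new Map();

function createSession() {
  const sessionId = crypto.randomBytes(16).toString("hex");
  // The token is random, bound to this session, and never sent as a cookie;
  // the server embeds it in the forms it renders for this user.
  const csrfToken = crypto.randomBytes(32).toString("hex");
  sessions.set(sessionId, { csrfToken });
  return { sessionId, csrfToken };
}

// Constant-time comparison so the check does not leak how much of the token matched.
function tokensMatch(expected, submitted) {
  if (typeof submitted !== "string") return false;
  const a = Buffer.from(expected, "utf8");
  const b = Buffer.from(submitted, "utf8");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// request: { method, cookieSessionId, formToken }
function checkRequest(request) {
  const session = sessions.get(request.cookieSessionId);
  if (!session) return { allowed: false, reason: "no session" };
  if (SAFE_METHODS.has(request.method)) return { allowed: true, reason: "safe method" };
  if (!tokensMatch(session.csrfToken, request.formToken)) {
    return { allowed: false, reason: "missing or wrong CSRF token" };
  }
  return { allowed: true, reason: "token valid" };
}

const alice = createSession();
// Form rendered by the site itself: cookie and token both present.
const sameSite = { method: "POST", cookieSessionId: alice.sessionId, formToken: alice.csrfToken };
// Forged request: the browser attaches the cookie automatically,
// but the foreign page has no way to read the session's token.
const crossSite = { method: "POST", cookieSessionId: alice.sessionId, formToken: undefined };

console.log(checkRequest(sameSite));
console.log(checkRequest(crossSite));
```

The session cookie alone is not enough for a state-changing request: the forged request carries a valid cookie and is still rejected.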
Q:3. Some of the vulnerabilities of a website is/are?
4. All of the above
The most common website security vulnerabilities are: 1. SQL Injection 2. CSRF (Cross-Site Request Forgery) 3. Cross-Site Scripting (XSS)
Q:4. _________ is an attack in which the script is stored permanently on the server.
4. All of the above
XSS is an attack in which the script is stored permanently on the server. XSS attacks can be put into three categories: stored (also called persistent), reflected (also called non-persistent), or DOM-based. Stored XSS attacks: the injected script is stored permanently on the target servers. The victim then retrieves this malicious script from the server when the browser sends a request for data.
Q:5. Which of the following is true for a DOM-based XSS attack?
4. None of the above
DOM-based XSS (or, as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client-side script, so that the client-side code runs in an “unexpected” manner. That is, the page itself (the HTTP response) does not change, but the client-side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.