Question Bank
1899 approved questions from the community
Why should application accounts not have DBA or admin access to database servers?
Black Box security testing provides testers with full information about the system being tested.
HTTPS is always slower than HTTP due to encryption overhead.
What security threat arises from not flagging HTTP cookies with tokens as secure?
XSS can be completely prevented without modifying source code by using a Web Application Firewall (WAF).
What is the primary purpose of anti-CSRF tokens?
What information can attackers steal using XSS?
What is the best approach for input validation to prevent security vulnerabilities?
SSL (Secure Sockets Layer) is still the recommended protocol for secure web communications.
XSS attacks can only steal cookies; they cannot perform other malicious actions.
Escaping user input is sufficient to prevent all XSS attacks.
What is the primary countermeasure for network-level session hijacking?
What is the primary purpose of the Root SSL Certificate?
What security issue arises from session tokens having poor randomness?
What is the primary benefit of implementing Content Security Policy (CSP)?
What does the Access-Control-Allow-Origin header do?
What is the main difference between IDS and a firewall?
What is Cross-Site Request Forgery (CSRF)?
What is Clickjacking?
What is a Honeypot in security?