Question Bank

Which of the following are elements of Public Key Infrastructure (PKI)? (Select all that apply)

Which of the following are part of the OWASP Top 10 vulnerabilities? (Select all that apply)

Which of the following are important attributes of effective security testing? (Select all that apply)

Which of the following are important HTTP security headers? (Select all that apply)

Which of the following encryption types are used in SSL/TLS? (Select all that apply)

What is the primary countermeasure for network-level session hijacking?

What does TLS stand for?

A valid SSL certificate from a trusted CA guarantees that a website is completely secure and trustworthy.

Escaping user input is sufficient to prevent all XSS attacks.

XSS attacks can only steal cookies; they cannot perform other malicious actions.

Modern browsers can mark HTTP websites as 'Not Secure'.

How do you check if HSTS is enabled on a website?

What is the basic design principle of OWASP ESAPI?

How can Content Security Policy (CSP) be used against clickjacking?

What is a Bug Bounty program?

SSL (Secure Sockets Layer) is still the recommended protocol for secure web communications.

Having unique usernames produced with high entropy can prevent session hijacking attacks.

Penetration testing and vulnerability scanning are essentially the same type of security testing.

What is the best approach for input validation to prevent security vulnerabilities?

What information can attackers steal using XSS?