Software Security (4774) : SSA E1 Developer (13256) - Learning the OWASP Top 10_LinkedIn (77981) Answers

Learning the OWASP Top 10_LinkedIn Assessment Answers (77981)
Which statement describes broken access control in a web application?

a. all of these choices

b. Private information is sent to an unauthorized person.

c. Private information is exposed to an unauthorized person.

d. Private information can be read, edited, or deleted by an unauthorized person.

Answer: all of these choices

Why do vulnerable and outdated components have such a large impact on the security of web applications?

a. Most web apps include several input fields, which can be exploited by a malicious attacker if they are not validated correctly.

b. Most web apps exist alongside a corresponding mobile app. Smartphones present new and different security risks.

c. Most web apps include APIs, which are inherently vulnerable.

d. Most web apps include several different components, all of which must be tracked and kept up to date in order to improve the security posture of the application.

Answer: Most web apps include several different components, all of which must be tracked and kept up to date in order to improve the security posture of the application.

How do you know whether each of your components is vulnerable or not?

a. Test the opportunity for a user to act beyond the permission of their role.

b. Consult with security experts to ensure that you are implementing the appropriate requirements and design decisions.

c. Research known vulnerabilities as well as proactively test your applications.

Answer: Research known vulnerabilities as well as proactively test your applications.

If you know that legitimate external resources are coming from a specific location, what can you do to prevent SSRF?

a. Allow all servers as trusted entities.

b. Allow only that IP address or host name.

c. Do not allow the server to request sensitive internal resources.

Answer: Allow only that IP address or host name.

What is the significance of the new Insecure Design category in the 2021 OWASP Top 10?

a. This new category acknowledges that code-level mistakes are common and can occasionally be attributed to human error.

b. This new category acknowledges that security matters in the requirements and design phase of web app development.

c. This new category acknowledges that QA testing and Security testing are equally important and should both be valued.

Answer: This new category acknowledges that security matters in the requirements and design phase of web app development.

What is an example of a digital security misconfiguration?

a. You accidentally send information to someone who should not have it.

b. You choose not to use a password on your mobile device.

c. You choose to store your passwords in plaintext.

Answer: You choose not to use a password on your mobile device.

Why is security logging and monitoring so important?

a. It allows external security consultants to provide advice and feedback on systems implementation.

b. It allows breaches to be discovered more quickly and at earlier stages of an attack.

c. It should only be enabled for restricted systems.

d. It allows everyone on the security team to know what's going on across an organization.

Answer: It allows breaches to be discovered more quickly and at earlier stages of an attack.

If you are storing sensitive data, when should you encrypt the data?

a. when the data is at rest only

b. when the data is at rest and in transit

c. when the data is in transit only

Answer: when the data is at rest and in transit

Why don't regular access controls always work to prevent a server-side request forgery (SSRF) attack?

a. The attacker may have privileged access.

b. An anonymous user may have privileged access.

c. The server may have privileged access.

d. The client may have privileged access.

Answer: The server may have privileged access.

What is the result of an injection attack?

a. The web application rejects user input unless it is formatted correctly.

b. The web application anonymizes data submitted by the user.

c. The web application interprets input submitted by the user as an instruction to follow.

Answer: The web application interprets input submitted by the user as an instruction to follow.

Which scenario is an example of identification and authentication failure?

a. when a web app establishes a new user session without closing out the previous one

b. when the software communicates with a host that provides a certificate, but does not ensure that the certificate is actually associated with that host

c. when an actor claims to have a given identity, and the software does not prove that the claim is correct

d. all of these choices

Answer: all of these choices

The eighth item, Software and Data Integrity Failures, is a subset of what other OWASP Top 10 item?

a. Identification and Authentication Failures

b. Vulnerable and Outdated Components

c. Cryptographic Failures

Answer: Vulnerable and Outdated Components

Note: This MCQ aims to achieve a 90% accuracy rate. If you notice any errors in the answers, please comment below and contribute to reaching 100% accuracy.