Which of the following should be used to construct a "remember me" token?

20 bytes of random data from /dev/urandom stored via a hash (e.g. SHA-1)

A hash (e.g. SHA-1) of user's username, password and a salt concatenated

20 bytes of random data from /dev/urandom

Your application communicates with a third-party JSON API over the Internet. The API is accessed using an HTTPS connection, which is based on a self-signed certificate. Is the communication between your application and the API secure?

Yes, if the third-party certificate can be securely imported into your application

No, it is not possible with self-signed certificates

Yes, because HTTPS is being used.

No, because HTTPS/Self-signed are not compatible.

You concatenate and hash two inputs, input1 and input2, with SHA-256 algorithm. Is it possible that the order of the inputs fed to the SHA-256 function may have a direct effect regarding security of the hashing? sha256(input1 . input2) vs. sha256(input2 . input1)

No, security-wise it does not make a difference with SHA-256

Week 13b

Authored by A Moreno

Computers

University

Used 12+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your application sets a cookie with Secure attribute. What does this mean?

The cookie can not be accessed by JavaScript

The cookie will not be sent cross-domain

Client will send the cookie only over an HTTPS connection

none of these

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The session ID must be renewed after...

A short idle period (ie. 30 seconds)

When a new window is created

Any privilege level change

A client logs in

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your web server supports secure (HTTPS) connections. By design, which of the following is the best way to make sure a client will not accidentally request a page over non-secure HTTP connection?

Completely close port 80

Use HTTP Strict-Transport-Security

Redirect all requests for port 80 to port 443

disable port 433

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your application performs logging queries after certain events. Timestamp, IP address, POST payload and a type of action will be saved to a MySQL database. Is it possible for an adversary to bypass this logging query by sending specifically crafted POST payload?

No, if escaping is used (ie. mysql_real_escape_string() function in PHP)

Yes, further validation is needed on the input data

No, if the SQL query is performed using a prepared statement with correctly set character encoding

Yes, because posts are generally associated with malicious payloads

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You use a 104-bit, cryptographically strong, random number (hexadecimal encoded, for example) as your password on a web site which stores passwords as plain MD5 hashes: md5 (password). Is it safe to assume your password will be safe if the user database leaks?

Yes

No, because of the broken collision resistance of MD5

maybe...?

No, because of the lack of salting and stretching

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are running Apache + PHP server. PHP runs as an Apache module:
AddHandler php5-script .php
You allow users to upload avatar images (in PNG format). Avatar filename is allowed to contain characters: "a-z0-9.-".
Is it safe to assume you are secure against PHP code execution launched via uploaded files?

Yes, if I make sure the filename ends with .png extension

occassionally

No, further configuration is needed on the server-side

Yes, if I reject files that do not pass getimagesize()

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your PHP application reads user submitted XML documents using DOM. You fetch certain element values from the XML:
$doc = new DOMDocument();
$doc->loadXML($xml);
$params = $doc->getElementsByTagName('parameters');
You display some of those parameters on the user's account settings page. Is it possible to exploit this scenario with a maliciously crafted XML document?

yes

No, if I make sure the user submitted XML is well-formed

maybe?

No, if I escape the data before displaying on the account page

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Fundamentals of Algorithms - Unit 1 - Test 1

Quiz

•

University

10 questions

computer Networks

Quiz

•

University

15 questions

PICMAKER

Quiz

•

University

15 questions

Vistacreate

Quiz

•

University

10 questions

Industry 4.0 Unit 1

Quiz

•

University

10 questions

Scratch

Quiz

•

KG - Professional Dev...

9 questions

Structured/Traditional SDM

Quiz

•

University

15 questions

Object Oriented Programming Assessment 1

Quiz

•

University

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Computers

18 questions

Informative or Argumentative essay

Quiz

•

5th Grade - University

20 questions

Disney Trivia

Quiz

•

University

5 questions

Human Impacts: How Do People Disrupt Ecosystems?

Interactive video

•

4th Grade - University

7 questions

Human Body Systems Overview (Updated 2024)

Interactive video

•

11th Grade - University

20 questions

Context Clues

Quiz

•

KG - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

20 questions

10.4 Exponential Functions

Quiz

•

8th Grade - University

30 questions

PSYCH 250: Exam 3

Quiz

•

University

Week 13b

Your application sets a cookie with Secure attribute. What does this mean?

The session ID must be renewed after...

Your web server supports secure (HTTPS) connections. By design, which of the following is the best way to make sure a client will not accidentally request a page over non-secure HTTP connection?

Your application performs logging queries after certain events. Timestamp, IP address, POST payload and a type of action will be saved to a MySQL database. Is it possible for an adversary to bypass this logging query by sending specifically crafted POST payload?

You use a 104-bit, cryptographically strong, random number (hexadecimal encoded, for example) as your password on a web site which stores passwords as plain MD5 hashes: md5 (password). Is it safe to assume your password will be safe if the user database leaks?

Which of the following should be used to construct a "remember me" token?

Your application communicates with a third-party JSON API over the Internet. The API is accessed using an HTTPS connection, which is based on a self-signed certificate. Is the communication between your application and the API secure?

You concatenate and hash two inputs, input1 and input2, with SHA-256 algorithm. Is it possible that the order of the inputs fed to the SHA-256 function may have a direct effect regarding security of the hashing?sha256(input1 . input2)vs.sha256(input2 . input1)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

You concatenate and hash two inputs, input1 and input2, with SHA-256 algorithm. Is it possible that the order of the inputs fed to the SHA-256 function may have a direct effect regarding security of the hashing?
sha256(input1 . input2)
vs.
sha256(input2 . input1)