can be blocked by validating user input.

runs in the domain of the malicious website.

cannot alter the page in any way.

Content security policy…

is configured by defining all allowed origins for each resource type.

is synonym to same-origin policy.

is defined with Content-Security-Policy cookie.

configuration is defined with code-src and pic-src.

Select the true statement.

A large amount of vulnerabilities is caused by not validating user input.

CRSF can only use HTTP method GET.

It is possible to make fully invulnerable web application.

Cross-site request forgery is more usual than Cross-site scripting.

Where you should check the user input?

When server enters the data into a database

How could an attacker perform an Cross-Site Scripting attack against a vulnerable target?

By creating a search engine query which includes JavaScript code in it

By creating a blog post which includes JavaScript

By creating a Web app which has JavaScript code

Which of the following can be used to mitigate against SQL attacks?

Accepting only JSON in request payloads

Which CORS header must the server response set to allow sharing the response with https://tuni.fi origin?

Access-Control-Allow-Origin: https://tuni.fi

CORS-Allow-Origin: https://tuni.fi

Access-Control-Allow-Origin: https://web.tuni.fi

Kappale 7

Quiz

•

Computers

•

University

•

Practice Problem

•

Medium

Anni K

Used 12+ times

FREE Resource

20 questions

Show all answers

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which of the following can be used for Cross-site scripting attacks?

Session hijacking

User input is code which gets executed when the page is shown to other users.

Acquiring session ids by observing network traffic.

Search engine search term is code which gets executed when the search term is shown in the results page.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which security vulnerability is exploited by setting a website on top of another with its opaque style set to value 0?

Session fixation

Clickjacking

Session hijacking

CSRF

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which security attack starts by sending the following HTTP request?

HTTP response splitting

CSRF

Directory traversal

None of the above

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a typical example of CSRF (Cross-Site Request Forgery)?

User logs on to site A, then visits site B which has malicious link back to site A, which executes unwanted action.

Acquiring victim’s session id by observing network traffic.

Two websites are set on top of each other, first invisible, second visible, user clicks first the other before clicking the second.

Attacker logs on to site and acquires session id. Then they feed the id to the victim, and the attacker gains access to victim’s resources on the site.

Attacker gains control of the HTTP body by making the server print an extra CRLF sequence.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What security vulnerability is described in the example: User searches using a search engine, but the search term is actually code. The code gets executed when the engine displays the search term on the results page.

CSRF

Persistent cross-site scripting

Non-persistent cross-site scripting

HTTP response splitting

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

CSRF tokens...

protect from cross-site request forgery attacks.

are codes shared by the server and the client to help in HTTP request validation.

are always created with the help of CSURF.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Same-origin policy...

can be used to configure CORS.

checks the protocol, the port and the host.

is synonym to CSP.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Communications and Technology

Quiz

•

University

16 questions

W6_BIS

Quiz

•

University

20 questions

MIDTERM-SW3 MARKETING COMMUNICATION

Quiz

•

University

20 questions

System and network support and management

Quiz

•

11th Grade - Professi...

20 questions

C - Structures

Quiz

•

University

20 questions

DreamWeaver CS6

Quiz

•

University

20 questions

The Firm and Its Environment

Quiz

•

University

19 questions

DSA Quest 1.0

Quiz

•

University

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

Discover more resources for Computers

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

20 questions

Slopes and Slope-Intercept Form

Quiz

•

8th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

20 questions

Winter/Holiday Trivia

Quiz

•

KG - University

10 questions

WINTER WIN Time - ELA - 12/9/2025

Quiz

•

KG - University

7 questions

Human Impact on Resources

Interactive video

•

4th Grade - University

Kappale 7

20 questions

Which of the following can be used for Cross-site scripting attacks?

Which security vulnerability is exploited by setting a website on top of another with its opaque style set to value 0?

Which security attack starts by sending the following HTTP request?

Which of the following is a typical example of CSRF (Cross-Site Request Forgery)?

What security vulnerability is described in the example: User searches using a search engine, but the search term is actually code. The code gets executed when the engine displays the search term on the results page.

CSRF tokens...

Same-origin policy...

XSS…

Content security policy…

Select the true statement.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers