If a website is vulnerable to CSRF attacks, what is most likely missing from its defense mechanism?

A secure anti-CSRF token mechanism

Cross-origin request sharing policy

Cross-site scripting protection

A session token is sent in the URL in a query parameter, as shown: <a href="http://www.example.com/welcome?token=1234567890">Click Here</a> Why is this a security issue?

Session tokens in URLs can be logged and shared

The session token will not work in some browsers

After analyzing the following CORS request, which element is essential for proper functionality? Access-Control-Allow-Origin: http://trustedwebsite.com

The `Access-Control-Allow-Methods` should allow specific HTTP methods

The `Content-Type` header should match the accepted formats

The response must include `Access-Control-Allow-Origin: *`

The server needs to respond with a valid token for all requests

A website needs to make an API call to another domain. The browser throws a CORS error. Which solution is appropriate to allow the request while maintaining security?

Set `Access-Control-Allow-Origin: http://trusteddomain.com` on the server

Set `Access-Control-Allow-Origin: *` on the server

Use JSONP instead of XMLHttpRequest

Remove the Origin header from the request

Consider the following script included in a web page: document.write("User input: " + user_input); What is the best modification to prevent XSS vulnerabilities in this script?

Sanitize the `user_input` before using it

Move the script tag to the head of the document

Disable JavaScript in the browser

You have a login page that uses cookies to maintain user sessions. How can you ensure the security of cookies to prevent session hijacking?

Set cookies with `Secure` and `HttpOnly` flags

Store session cookies in local storage

Send the cookie over HTTP connections

Use base64 encoding to secure the cookie

A user fills out a form on your website, and you need to prevent CSRF attacks. Which approach would you implement?

Add an anti-CSRF token to each form submission

Use JavaScript validation on the form fields

Disable cookies for authenticated sessions

Analyze the code below. What is the best way to prevent a security issue like SQL Injection? $username = $_GET['username']; $query = "SELECT * FROM users WHERE username = '$username'";

Use prepared statements with parameterized queries

Use URL encoding for the username

Hash the username before using it in the query

Add an additional WHERE clause to the query

Level-3 Cyber Browser

Quiz

•

Computers

•

University

•

Practice Problem

•

Hard

Rohit Verma

Used 4+ times

FREE Resource

15 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the primary purpose of the browser’s rendering engine?

To fetch data from the server

To display HTML and CSS content in a formatted manner

To handle user interactions

To manage browser cookies

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does the Same-Origin Policy (SOP) restrict?

Only cookies sharing across websites

Execution of JavaScript

Interaction between scripts from different origins

Browser plugin execution

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which HTTP header is used to specify allowed origins in CORS (Cross-Origin Resource Sharing)?

Access-Control-Allow-Origin

Access-Control-Allow-Methods

Content-Type

Cache-Control

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which one of the following is an example of a cross-site scripting (XSS) attack?

User input is displayed on a webpage without validation

A website restricts cross-origin API requests

A user is logged out after a session timeout

HTTPS is enabled for secure communication

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the function of cookies in web applications?

To store JavaScript files

To track and store user session information

To prevent cross-site attacks

To speed up web page loading times

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Analyze the following HTTP request and identify why CORS would block this request: GET /api/data HTTP/1.1 Host: api.example.com Origin: http://otherexample.com

Because `Origin` is different from `Host`

Because the request method is GET

Because the Access-Control-Allow-Headers is missing

Because the HTTP version is outdated

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An application is vulnerable to XSS because it does not properly escape user input in a form field. Which of the following countermeasures will be most effective?

Allow all HTML tags but block scripts

Use HTTPS for all requests

Encode and validate all user inputs

Use a strong Content Security Policy (CSP)

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Spreadsheet Fundamentals - Quiz2

Quiz

•

University

10 questions

Hands-on Modul 3

Quiz

•

University

10 questions

Visual Basic 2010

Quiz

•

8th Grade - University

10 questions

CS100||MsWord

Quiz

•

University

20 questions

Skill Competition Quiz 2024

Quiz

•

10th Grade - University

11 questions

Types of Mass Media

Quiz

•

10th Grade - Professi...

10 questions

Software dan Hardware

Quiz

•

University

10 questions

Creating tables in HTML

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

CompTIA Network+ - Ports and Protocols

Quiz

•

University