Backend Development - Quiz #1

A type of malware that infects user devices.

Cross-site request forgery (CSRF) is a security vulnerability that allows attackers to perform actions on behalf of authenticated users without their consent.

A method to encrypt user data during transmission.

A technique to improve website loading speed.

Tokenization is the process of converting sensitive data into unique tokens for enhanced security in back-end development.

Tokenization is the process of encrypting data for secure transmission.

Tokenization involves creating backups of sensitive data for recovery purposes.

Tokenization is the method of compressing data to save storage space.

Authentication verifies identity; Authorization determines access rights.

Authentication is the same as Authorization.

Authentication is only for system administrators.

Authorization is about verifying identity.

SSRF is a type of attack that tricks a server into making requests to unintended locations.

SSRF is a technique for optimizing server performance.

SSRF allows users to access local files on the server.

SSRF is a method for securing server requests.

HTML cannot be used to manipulate user sessions.

HTML can be used to enhance website performance.

HTML is primarily used for server-side scripting.

HTML can be misused for Cross-Site Scripting (XSS) and exposing sensitive data through insecure forms.

Disabling JavaScript on the client side is the best way to prevent XSS attacks.

Cross-Origin Resource Sharing (CORS) is the primary method to prevent XSS attacks.

Input validation and output encoding are effective methods to prevent XSS attacks.

Using only HTTP headers is sufficient to prevent XSS attacks.

A WAF is a tool for encrypting data in transit.

A WAF is primarily for managing user sessions.

A WAF is used to enhance the performance of web applications.

A WAF is designed to monitor and filter HTTP traffic to and from a web application.

SQL Injection is a technique for securing database connections; it can be mitigated by using SSL.

SQL Injection is a code injection technique that exploits vulnerabilities in an application's software; it can be mitigated by using prepared statements and parameterized queries.

SQL Injection is a method for optimizing database queries; it can be mitigated by indexing.

SQL Injection is a type of denial-of-service attack; it can be mitigated by increasing server resources.

Input validation is a method for compressing data before storage.

Input validation is used to enhance the aesthetic design of web forms.

Input validation ensures that only properly formatted data is accepted by the application.

Input validation is primarily concerned with user authentication.

Third-party libraries are used solely for aesthetic enhancements.

Third-party libraries can introduce vulnerabilities if not properly maintained or updated.

Third-party libraries are always secure and do not pose any risks.

Third-party libraries can only improve application performance.