Public S3 bucket lists file names but blocks `GetObject`. Risk?

Sensitive data exposure via filenames

An attacker uploads a `web.config` file in a .NET app. What can this do?

Trigger RCE via config override

In Burp, how do you test rate limiting?

Repeater → send 1000 fast requests

On Linux, what does `setuid` allow?

Allow any user to run with file owner's privileges

Which header disables MIME type sniffing?

X-Content-Type-Options: nosniff

Security Engineer Intern

Authored by Rizwaan Bashir

Information Technology (IT)

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

28 questions

Show all answers

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

What does setting `SameSite=Strict` on cookies help prevent?

XSS

CSRF

Clickjacking

CORS issues

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

Which header protects against Clickjacking attacks?

Content-Type

X-Content-Type-Options

X-Frame-Options

Cache-Control

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

In a broken access control test, what’s the best way to discover IDOR?

XSS injection

Changing URL parameters

Clearing cookies

Changing HTTP method

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

In OAuth, what is the purpose of the `state` parameter?

Session tracking

Scope restriction

CSRF protection

Token refresh

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

You bypass a login by modifying a JWT’s algorithm to `none`. What’s this flaw?

Key reuse

Signature validation bypass

Replay attack

Session fixation

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

What does SSRF in a cloud app often lead to?

XSS

IAM access

File upload

Shellshock

MULTIPLE CHOICE QUESTION

10 sec • 1 pt

Which AWS service metadata IP is often targeted by SSRF?

127.0.0.1

0.0.0.0

169.254.169.254

192.168.1.1

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Troubleshooting Instalasi Hardware

Quiz

•

12th Grade - University

30 questions

HTML Quiz1

Quiz

•

University

30 questions

Team Game Tournament

Quiz

•

8th Grade - University

30 questions

TCP/IP and OSI Model Quiz

Quiz

•

University

30 questions

Pandas MCQ Quiz

Quiz

•

12th Grade - University

30 questions

Kuis_01_Pengantar Teknologi Informasi_Bab 1-2

Quiz

•

University

25 questions

Quiz HTML dan CSS Bootstrap Kelas XI RPL

Quiz

•

11th Grade - University

25 questions

Soal Pilihan Ganda Microsoft Word

Quiz

•

8th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

5 questions

Poetry Interpretation

Interactive video

•

4th Grade - University

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

15 questions

Review1

Quiz

•

University

15 questions

Pre1

Quiz

•

University

Security Engineer Intern

What does setting `SameSite=Strict` on cookies help prevent?

Which header protects against Clickjacking attacks?

In a broken access control test, what’s the best way to discover IDOR?

In OAuth, what is the purpose of the `state` parameter?

You bypass a login by modifying a JWT’s algorithm to `none`. What’s this flaw?

What does SSRF in a cloud app often lead to?

Which AWS service metadata IP is often targeted by SSRF?

Public S3 bucket lists file names but blocks `GetObject`. Risk?

Which GCP IAM role has full project-level permissions?

An attacker uploads a `web.config` file in a .NET app. What can this do?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)