IAW302 - MULTIPLE CHOICES
1) Which of the following consequences are most likely to occur due to an injection attack? (Choose two.)
A. Spoofing
B. Data loss
C. Denial of service
D. Insecure direct object references
Answer: B, C
3) Which of the following scenarios are most likely to cause an injection attack? (Choose two.)
A. Unvalidated input is embedded in an instruction stream.
B. Unvalidated input cannot be distinguished from valid instructions.
C. A Web application does not validate a client's access to a resource.
D. A Web action performs an operation on behalf of the user without checking a shared secret.
Answer: A, B
5) Which of the following are the best ways to protect against injection attacks? (Choose three.)
A. Block list
B. Allow list
C. Escaping
D. Memory size checks
E. Validate integer values before referencing arrays
Answer: A, B, C
6) Which of the following are most vulnerable to injection attacks? (Choose two.)
A. Session IDs
B. Registry keys
C. Regular expressions
D. SQL queries based on user input
Answer: C, D
8) Which mitigation techniques, when used in combination, can help you strictly define valid input? (Choose two.)
A. Allow list
B. Block list
C. Table indirection
D. Escaping
Answer: A, B