Ecologic Validity of Quiz Questions
Question
1-In which city is the web application corresponding to "domain 3" located?
a)Ankara, b)Istanbul, c)New York, d)Other
2-For all three projects, two vulnerability measurements were taken. Select the most vulnerable software project based on the number of vulnerabilities per project size, measured in LOC (lines of code).
a)Domain1, b)Domain2, c)Domain3, d)All are equal
3-For all three projects, two vulnerability measurements were taken. Select the project where no new development or bug fixing was done between the two analysis phases.
4-What is the number of pages whose highest associated alert is "Low" for the web application project named "domain1"?
a)105, b)42, c)265, d)13
5-Vulnerability scanners cannot process all the pages of a web application, for several reasons. One of these reasons is reaching the "Max Depth". Looking at the overall results for all three projects, what is the amount of pages left unprocessed due to reaching the max depth?
a)10%, b)0.1%, c)20%, d)Other
6-Which project has the highest round trip time taken for a vulnerability scan session?
a)Domain1, b)Domain2, c)Domain3, d)All are equal
7-What is the "metric name" shown in the tooltip box for the previous dashboard?
a)OWASPTopTen2007Vulnerabilities, b) NumberOfVulnerabilities, c) URLProcessedSet, d) URLsWithAlert
8-What is the number of alerts per module for "Phase 2" of "Domain 2"?
a)0.28, b)38.12, c)100, d)60.60
9-Find the project whose size did not change in the period between the two independent vulnerability scans.
a)Domain 1, b)Domain 2, c)Domain 3, d)None
10-What is the number of vulnerabilities of type "Web Browser XSS Protection Not Enabled" for "Domain 1", "Phase 1"?
a)24, b)1, c)7, d)35
11-What is the number of repeated alerts for "Domain 3" in "Phase 2" from "Phase 1"?
a)0, b)1525, c)303, d)741
12-What is the number of fixed alerts for "Domain 2" in "Phase 2" from "Phase 1"?
a)0, b)1525, c)303, d)741
13-Based on the scanner rules used in this tool, how many of the vulnerabilities in the CWE database are covered?
a)50, b)27, c)4, d)0
14-Is "A10 - Failure to Restrict URL Access" of the OWASP Top Ten 2007 vulnerabilities list covered by the existing scanner rules?
a)Yes, b)No, c)I don’t know, d)N/A
15-What is the number of vulnerabilities belonging to "A6 Injection Flaws" for "domain 2"?
a)35, b)2, c)224, d)71