JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.
CASE .NET M4 Exam Prep
Secure Coding Practice for Input Validation
Sign in to Google
to save your progress.
Learn more
* Indicates required question
Which of the following are true regarding Input Validation?
*
5 points
It is a comprehensive defensive technique with multi-tiered dependencies.
Proper input validation techniques are used to eliminate vulnerabilities in web applications.
Improper validation of input prevents injections attacks.
Firewalls can prevent injection attacks.
Comparing Client-Side and Server-side input validation, which is true?
*
5 points
Client-side increases server load and network traffic.
Server-side validates the input data received and sends the data back to the client.
Client-side validates the input data received and sends the data back to the server.
Server-side validation is not reliable, the attacker can easily bypass the validation script.
What is this an example of?
*
5 points
Client-side validation.
Server-side validation.
SQL injection.
XSS injection.
What is the difference between Blacklisting and Whitelisting?
*
5 points
All good characters are on the blacklist and bad characters are on the whitelist.
All bad characters are on the blacklist and good characters are on the whitelist.
Blacklisting is difficult to implement and Whitelisting is easier to implement.
None of the above
In regard to
ASP.NET
Validation Controls, What is RequiredFIeld?
*
5 points
Used to ensure that the designated input fields are left blank.
Used to ensure that the designated input fields are left with the default value.
The server tag <asp:RequiredFIeldValidator> is used to add the RequiredField validation control in the web form for a specific input field.
All of the Above.
None of the Above
What type of Validation Control is this?
*
5 points
RequiredField Validator
Range Validator
Comparison Validator
Regular Expression Validator
Custom Validator
What type of Validation Control is this?
*
5 points
RequiredField Validator
Range Validator
Comparison Validator
Regular Expression Validator
Custom Validator
What type of Validation Control is this?
*
5 points
RequiredField Validator
Range Validator
Comparison Validator
Regular Expression Validator
Custom Validator
What type of Validation Control is this?
*
5 points
RequiredField Validator
Range Validator
Comparison Validator
Regular Expression Validator
Custom Validator
What type of Validation Control is this?
*
5 points
RequiredField Validator
Range Validator
Comparison Validator
Regular Expression Validator
Custom Validator
Which of the following are NOT a defense against SQL Injection?
*
5 points
Use of embedded queries.
Use of parameterized queries.
Use of parameterized stored procedures.
Least privilege.
Constraining input.
In regards to XSS Injection attacks, which of the following is Output Encoding?
*
5 points
It blocks unsafe characters and removes them.
It allows unsafe characters and renders them as harmless text.
It converts the input characters into their equivalent encoded values, which are removed and then sent to error logs.
d. All of the Above
e. None of the Above.
In regards to XSS Injection attacks, which is the following an example of?
*
5 points
HtmlEncode
UrlEncode
Anti-XSS
None of the Above
In regards to XSS Injection attacks, which is the following an example of?
*
5 points
HtmlEncode
UrlEncode
Anti-XSS
None of the Above
In regards to XSS Injection attacks, which is the following an example of?
*
5 points
HtmlEncode
UrlEncode
Anti-XSS
None of the Above
What is this a defense against?
*
5 points
SQL Injection.
XSS Injection.
X-Frame Options.
None of the Above
What defensive technique is this an example of?
*
5 points
Directory Traversal
Anti-XSS
UrlEncode
Disable X-Frame-Options
What defensive technique is this an example of?
*
5 points
Directory Traversal
UrlEncode
Disable X-Frame-Options
None of the Above
Which of the following are guidelines for Secure (CORS) Configuration?
*
5 points
Enable “Allow All Origins”
Ensure CORS only allows access to the desired page and not all pages.
Ensure that the Origin header does not match the Host header field.
Ensure Access-Control-Max-Age header enables caching for a long time.
How to disable Directory browsing on the website?
*
5 points
Invoke UseDIrectoryBrowser method in Startup.cs.
Invoke AddDirectoryBrowser() service in ConfigureServices() in Startup.cs.
Set <directoryBrowse enabled="true" /> in web.config
<directoryBrowse enabled="false" />
Submit
Clear form
This content is neither created nor endorsed by Google.
Report Abuse
-
Terms of Service
-
Privacy Policy
Forms
