Incentro Cyber Security 26-01-2022


This lesson contains 58 slides, with interactive quizzes and text slides.

Items in this lesson

Spoofing a WiFi Access point is also called?
A
An evil twin attack
B
Pineapple attack
C
A keystroke Injection
D
Nmap scan Attack

Slide 15 - Quiz

HTTPS is helpful for?
A
For preventing CSRF attacks
B
For preventing XSS attacks
C
For preventing SQL injections
D
For preventing Sniffing attacks

Slide 18 - Quiz

Which statement is true?
A
REST APIs should deny access by default, except public resources
B
JWT tokens can manually be invalidated
C
The following header is valid, “Access-Control-Alllow-origin: https://*.website.com”
D
Limiting the rate of API access does not minimize the harm from automated attack tooling

Slide 22 - Quiz

To prevent a CSRF attack, a web application should?
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the service-side and require a custom-HTTP-header per request
D
Only permit HTTPS requests

Slide 26 - Quiz

The best way to store passwords is by
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the service-side and require a custom-HTTP-header per request
D
Only permit HTTPS requests

Slide 30 - Quiz

Which statement is true?
A
By using the AES-256 encryption.
B
By using the slow Argon2id hashing.
C
By using base64 encoding.
D
By using the fast SHA-1 hashing.

Slide 34 - Quiz

Which statement is true :)?
A
To analyse vulnerabilities in the node modules you can use npm audit.
B
Always specify a USER when creating Dockerfiles
C
To analyse vulnerabilities in the Maven dependencies you can use the OWASP dependency check maven
D
All of the above :)

Slide 38 - Quiz

CIA in IT Security means what?
A
Central Intelligence Agency
B
Confidentiality, Integrity and Availability
C
Continuity, Integrity and Accessibility
D
Continuity, Integration and Availability

Slide 41 - Quiz

What is 'Alpine'?
A
Adventurous form of skiing
B
Open Source Security Tool by Google
C
Linux distribution
D
City in Wyoming, USA

Slide 45 - Quiz

Which of the following is the most secure password option?
A
x509 certificate
B
Welkom2007
C
t:u7?3H%>-3tH(e3SksNr.b#
D
pointed-silica-womb-garden

Slide 49 - Quiz

Within how much time after public disclosure did GCP Cloud Armor provide protection against Log4J2?
A
Directly at public disclosure
B
Within 24 hours
C
Within 7 days
D
Still no protection

Slide 53 - Quiz
