DC Incentro Cyber Security 08-08-2022


This lesson contains 86 slides, with interactive quizzes and text slides.

Parts of this lesson

Slides 1 to 14 - Text slides

Why should you always lock your computer screen when you step away from your computer?
A
Someone can add or delete files from your computer
B
Colleagues might use your computer to announce that you're buying lunch for everyone!
C
An unauthorized person can have access to confidential client data
D
You save power!

Slide 15 - Quiz question

Slide 16 - Text slide

What does the "https://" at the beginning of a URL denote, as opposed to "http://" (without the "s")?
A
That the site is the newest version available
B
That information entered into the site is encrypted
C
The site is not accessible to certain computers
D
That the site has special high definition

Slide 17 - Quiz question

Slide 18 - Text slide

What is not an element of cyber security?
A
confidentiality
B
reproducibility
C
integrity
D
integrity

Slide 19 - Quiz question

Slide 20 - Text slide

What is an example of shadow IT?
A
a hacker group
B
Joining an online meeting with not enough light, so your face cannot be seen
C
Having an IT job that is highly confidential, so you can't talk about it at social gatherings
D
Using your kid's school tablet to join an online meeting

Slide 21 - Quiz question

Slide 22 - Text slide

A memory leak is an example of a cyber security issue
A
False, it is a bug in the code
B
True, a hacker can use it to take down your application
C
False, my code never has memory leaks
D
It's Mark Rutte not recollecting major political things

Slide 23 - Quiz question

Slide 24 - Text slide

HTTPS is helpful for?
A
For preventing CSRF attacks
B
For preventing XSS attacks
C
For preventing SQL injections
D
For preventing Sniffing attacks

Slide 25 - Quiz question

Slide 26 - Text slide

Slide 27 - Text slide

The best way to store passwords is by
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the service-side and require a custom-HTTP-header per request
D
Only permit HTTPS requests

Slide 28 - Quiz question

Slide 29 - Text slide

Slide 30 - Text slide

Slide 31 - Text slide

Which of the following is the most secure password option?
A
x509 certificate
B
Welkom2007
C
hI678gbCV#?$%:t:u7?3H%>-3tH(e3SksNr.b#
D
pointed-silica-womb-garden

Slide 32 - Quiz question

Slide 33 - Text slide

I can use my API key in multiple locations without security issues
A
Yes, API keys are secure by design
B
Yes, but only in related services
C
Nope, usage in multiple places gives a higher risk of a security breach

Slide 34 - Quiz question

Slide 35 - Text slide

To make account management easier I should create a single user for my whole team
A
Yes, this ensures that if people leave the team we still have the credentials
B
Yes, I can then easily onboard people by sharing the same password
C
No, because I don't like sharing
D
No, because this will hide who does what

Slide 36 - Quiz question

Slide 37 - Text slide

I only need to think about securing my API if and when I make it public
A
TRUE
B
FALSE

Slide 38 - Quiz question

Slide 39 - Text slide

Slide 40 - Text slide

If I find a cool open source library I can use it without problems, as long as it has many GitHub stars
A
True, many GitHub stars mean that lots of people use it, so any issues will be quickly fixed
B
False, I still need to review the code itself before using it
C
False, I also need to look at when the latest update happened to make sure it is still maintained

Slide 41 - Quiz question

Slide 42 - Text slide

What flaw can lead to exposure of resources or functionality to unintended actors?
A
Improper Authentication
B
Session Fixation
C
Insecure Cryptographic Storage
D
Unvalidated Redirects and Forwards

Slide 43 - Quiz question

Slide 44 - Text slide

What security risk is GraphQL known for?
A
DoS attacks using expensive queries
B
Apollo Server having major security holes in major version releases
C
GraphQL doesn't support JWT tokens
D
Blabla, REST is better, blabla

Slide 45 - Quiz question

Slide 46 - Text slide
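The risk behind answer A is that a client can nest a circular relation (author -> posts -> author -> ...) until resolving the query exhausts the server. The guard below is an added example and not code from the slides: it measures selection-set depth on the raw query text (so it needs no GraphQL library; a real server would run the same check as a validation rule on the parsed AST, for example with graphql-depth-limit) and rejects the query before any resolver runs. The schema and the three sample queries are constructed for the demo.

```javascript
// Added example: depth guard for incoming GraphQL queries (not from the original slides).

// Maximum nesting of selection sets. Strings and '#' comments are skipped so a
// brace inside an argument value does not inflate the count.
function selectionDepth(query) {
  let depth = 0;
  let max = 0;
  let inString = false;
  let inComment = false;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inComment) {
      if (c === '\n') inComment = false;
      continue;
    }
    if (inString) {
      if (c === '\\') i++; // skip the escaped character
      else if (c === '"') inString = false;
      continue;
    }
    if (c === '"') inString = true;
    else if (c === '#') inComment = true;
    else if (c === '{') {
      depth++;
      if (depth > max) max = depth;
    } else if (c === '}') depth--;
  }
  return max;
}

// Reject before execution: the expensive part of an abusive query is resolving
// it, so this has to run before any resolver is called.
function checkQuery(query, maxDepth) {
  const depth = selectionDepth(query);
  if (depth > maxDepth) {
    return { ok: false, depth, reason: `query depth ${depth} exceeds limit ${maxDepth}` };
  }
  return { ok: true, depth };
}

// Constructed sample queries against a hypothetical schema with a circular
// author <-> posts relation, the usual source of runaway nesting.
const BENIGN_QUERY = `{ author(id: 1) { name posts { title } } }`;
const ABUSIVE_QUERY = `{
  author(id: 1) { posts { author { posts { author { posts { title } } } } } }
}`;
// Braces inside a string argument and in a comment must not count.
const TRICKY_QUERY = `{ search(term: "{{{{{{{{{{") { id } } # {{{`;
```

Depth is only one cost dimension; list fields, aliases and batched operations multiply work at the same depth, so production servers usually pair a depth limit with a query cost estimate and a per-client rate limit.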

What information can you trust from a JWT you received?
A
The user ID
B
The expiration date
C
The algorithm that was used to sign it
D
Everything, as long as you validate the signature with your private key.

Slide 47 - Quiz question

Slide 48 - Text slide

What should you do to keep your Angular application up to date regarding security?
A
Nothing, Angular got you covered
B
Keep current with the latest Angular library releases
C
Use a 3rd party library
D
Don't modify your copy of Angular

Slide 49 - Quiz question

Slide 50 - Text slide

An unexpected result when two actions do not occur in the same order is called what?
A
De-referencing
B
A race condition
C
An insecure function
D
Improper error handling

Slide 51 - Quiz question

Slide 52 - Text slide

Logging is only meant to tell me my code is misbehaving
A
True, it is only written so a developer can see what is happening
B
False, it can also be used as a reporting tool
C
False, it can also give insight into common and unexpected usage of my code

Slide 53 - Quiz question

Slide 54 - Text slide

I should commit passwords with my code as my repository is protection enough
A
TRUE
B
FALSE

Slide 55 - Quiz question

Slide 56 - Text slide

I should provide as much information in my error message as possible
A
True, this makes debugging easier
B
False, this would make the payload larger than necessary
C
False, this might expose the behaviour of my code

Slide 57 - Quiz question

Slide 58 - Text slide

Which statement is true?
A
REST APIs should deny access by default, except public resources
B
JWT tokens can manually be invalidated
C
The following header is valid, “Access-Control-Alllow-origin: https://*.website.com”
D
Limiting the rate of API access does not minimize the harm from automated attack tooling

Slide 59 - Quiz question

Slide 60 - Text slide

Slide 61 - Text slide

Slide 62 - Text slide
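Two of the options above are worth seeing in code. Access-Control-Allow-Origin accepts a single origin or "*", never a pattern, so the only way to "allow all subdomains" is to match the request's Origin against an allowlist and echo the exact value back; a naive suffix match also admits an attacker-registered evil-website.com. And rate limiting does reduce the harm from automated tooling, even a crude fixed-window limiter. Both are added examples, not from the slides; the origin list, the client keys and the limits are constructed.

```javascript
// Added example: exact-origin CORS allowlist and a fixed-window rate limiter (not from the slides).

// Allowlist of exact origins; constructed for the demo.
const ALLOWED_ORIGINS = new Set([
  'https://app.website.com',
  'https://admin.website.com',
]);

// Deny by default: an origin not on the list gets no CORS headers at all, so
// the browser blocks the cross-origin read. A matching origin is echoed back
// exactly; the header value is a single origin (or '*'), never a pattern.
function corsHeadersFor(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not serve one origin's answer to another
  };
}

// The tempting "wildcard subdomain" implementation, kept here as the broken
// counterpart: a suffix match also accepts an attacker's evil-website.com.
function corsHeadersSuffixMatch(origin) {
  if (typeof origin === 'string' && origin.endsWith('website.com')) {
    return { 'Access-Control-Allow-Origin': origin };
  }
  return {};
}

// Fixed-window rate limiter per client key (IP, API key or user id). Calls
// beyond `limit` within one window are refused; the next window starts fresh.
// Even this crude version cuts an automated attack from as fast as the server
// answers to `limit` attempts per window.
function makeRateLimiter(limit, windowMs) {
  const hits = new Map();
  return function allow(key, nowMs) {
    const bucket = Math.floor(nowMs / windowMs);
    const entry = hits.get(key);
    if (!entry || entry.bucket !== bucket) {
      hits.set(key, { bucket, count: 1 });
      return true;
    }
    entry.count += 1;
    return entry.count <= limit;
  };
}
```

The limiter state lives in process memory here; behind a load balancer you would keep it in a shared store so that attackers cannot spread attempts across instances.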

You just received an email that looks phishy, what do you do with it?
A
Report it to information-security-nl@incentro.com
B
Ignore it and throw it in the digital bin
C
Report it through the Google phishing report-button
D
Click all the available links to investigate where it came from so you can report them.

Slide 63 - Quiz question

Slide 64 - Text slide

You just received an email that looks phishy, and have clicked the link... now what?
A
Report it to information-security-nl@incentro.com
B
Ignore it and throw it in the digital bin
C
Report it through the Google phishing report-button
D
Click all the available links to investigate where it came from so you can report them.

Slide 65 - Quiz question

Slide 66 - Text slide

What is the most common cause of IT security breaches?
A
Hackers
B
Code errors
C
Human behavior
D
Phishing emails

Slide 67 - Quiz question

Slide 68 - Text slide

Which threat vector is most commonly exploited by attackers who are at a distance?
A
email
B
direct access
C
wireless
D
removable media

Slide 69 - Quiz question

Slide 70 - Text slide

Which ones are valid web security vulnerabilities?
A
CSRF
B
XSS
C
UDP
D
SSRF

Slide 71 - Quiz question

Slide 72 - Text slide

What should you do to protect a React application against XSS attacks?
A
Sanitize all the user content strings you output
B
Nothing, React has built-in XSS protection
C
Throw an error if a user tries to input characters like `<>`
D
alert(1);

Slide 73 - Quiz question

Slide 74 - Text slide
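Answer B is half right, which is what makes it dangerous: React escapes text you place in JSX, so `{comment.body}` is safe, but it does not sanitize HTML passed to dangerouslySetInnerHTML and it does not filter the scheme of a user-supplied href, so a `javascript:` link still fires on click. The helpers below are an added example, not from the slides, and run without React: an HTML escaper for the cases where you must build markup yourself and a scheme allowlist for links. The base origin app.example.com and the sample comment are constructed.

```javascript
// Added example: the two XSS gaps React's default escaping does not cover (not from the slides).

// Escape for the cases where you build an HTML string yourself (server-rendered
// snippets, or anything you intend to hand to dangerouslySetInnerHTML). This
// turns markup into plain text; for rich user HTML use a real sanitizer such as
// DOMPurify instead.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Only allow link schemes you expect: 'javascript:' executes and 'data:' renders
// attacker content when clicked. Relative links resolve against our own origin
// (the base is an assumed site origin for the demo). Returns null when the URL
// should not be rendered as a link at all.
function safeHref(userUrl, base = 'https://app.example.com/') {
  let url;
  try {
    url = new URL(String(userUrl), base); // the parser also strips leading whitespace and tab/newline tricks
  } catch {
    return null;
  }
  return ['http:', 'https:', 'mailto:'].includes(url.protocol) ? url.href : null;
}

// What a small comment component would compute before rendering.
function linkProps(comment) {
  return {
    text: comment.body,             // pass to JSX as text; React escapes it
    html: escapeHtml(comment.body), // only if you must produce HTML yourself
    href: safeHref(comment.url),    // null -> render the URL as text, not as <a href>
  };
}
```

Throwing an error on `<` or `>` (option C) breaks legitimate input and misses attacks that need neither character, such as the `javascript:` href above; the fix is output-side encoding and allowlisting, not input rejection.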

Which signs should I check in order to recognize a phishing email?
A
The time it was sent
B
Content poorly written, often with misspelling
C
Including suspicious links and/or attachments
D
Sent by a wrong domain

Slide 75 - Quiz question

Slide 76 - Text slide

Spoofing a WiFi access point is also called?
A
An evil twin attack
B
A Pineapple attack
C
A keystroke injection
D
An Nmap scan attack

Slide 77 - Quiz question

Slide 78 - Text slide

Slide 79 - Text slide

To prevent a CSRF attack, a web application should?
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the server side and require a custom HTTP header per request
D
Only permit HTTPS requests

Slide 80 - Quiz question

Slide 81 - Text slide

Slide 82 - Text slide

Which statement is true?
A
REST APIs should deny access by default, except public resources
B
JWT tokens can manually be invalidated
C
The following header is valid, “Access-Control-Alllow-origin: https://*.website.com”
D
Limiting the rate of API access does not minimize the harm from automated attack tooling

Slide 83 - Quiz question

Slide 84 - Text slide

Slide 85 - Text slide

Slide 86 - Text slide