Incentro Cyber Security 26-01-2022


This lesson contains 58 slides, with interactive quizzes and text slides.

Items in this lesson

Slide 1 - Text slide

Slide 2 - Text slide

Slide 3 - Text slide

Slide 4 - Text slide

Slide 5 - Text slide

Slide 6 - Text slide

Slide 7 - Text slide

Slide 8 - Text slide

Slide 9 - Text slide

Slide 10 - Text slide

Slide 11 - Text slide

Slide 12 - Text slide

Slide 13 - Text slide

Slide 14 - Text slide

Spoofing a WiFi Access point is also called?
A
An evil twin attack
B
Pineapple attack
C
A keystroke injection
D
Nmap scan attack

Slide 15 - Quiz question

Slide 16 - Text slide

Slide 17 - Text slide

HTTPS is helpful for?
A
For preventing CSRF attacks
B
For preventing XSS attacks
C
For preventing SQL injections
D
For preventing Sniffing attacks

Slide 18 - Quiz question

Slide 19 - Text slide

Slide 20 - Text slide

Slide 21 - Text slide

Which statement is true?
A
REST APIs should deny access by default, except public resources
B
JWT tokens can manually be invalidated
C
The following header is valid, “Access-Control-Allow-origin: https://*.website.com”
D
Limiting the rate of API access does not minimize the harm from automated attack tooling

Slide 22 - Quiz question

Slide 23 - Text slide

Slide 24 - Text slide

Slide 25 - Text slide

To prevent a CSRF attack, a web application should?
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the service-side and require a custom-HTTP-header per request
D
Only permit HTTPS requests

Slide 26 - Quiz question

Slide 27 - Text slide

Slide 28 - Text slide

Slide 29 - Text slide

The best way to store passwords is by
A
Make sure that POST, PUT, PATCH & DELETE calls are idempotent
B
Transmit the CSRF token by only using cookies
C
Generate the CSRF token on the service-side and require a custom-HTTP-header per request
D
Only permit HTTPS requests

Slide 30 - Quiz question

Slide 31 - Text slide

Slide 32 - Text slide

Slide 33 - Text slide

Which statement is true?
A
By using the AES-256 encryption.
B
By using the slow Argon2id hashing.
C
By using base64 encoding.
D
By using the fast SHA-1 hashing.

Slide 34 - Quiz question

Slide 35 - Text slide

Slide 36 - Text slide

Slide 37 - Text slide

Which statement is true :)?
A
To analyse vulnerabilities in the node modules you can use npm audit.
B
Always specify a USER when creating Dockerfiles
C
To analyse vulnerabilities in the Maven dependencies you can use the OWASP dependency check maven
D
All of the above :)

Slide 38 - Quiz question

Slide 39 - Text slide

Slide 40 - Text slide

CIA in IT Security means what?
A
Central Intelligence Agency
B
Confidentiality, Integrity and Availability
C
Continuity, Integrity and Accessibility
D
Continuity, Integration and Availability

Slide 41 - Quiz question

Slide 42 - Text slide

Slide 43 - Text slide

Slide 44 - Text slide

What is 'Alpine'?
A
Adventurous form of skiing
B
Open Source Security Tool by Google
C
Linux distribution
D
City in Wyoming, USA

Slide 45 - Quiz question

Slide 46 - Text slide

Slide 47 - Text slide

Slide 48 - Text slide

Which of the following is the most secure password option?
A
x509 certificate
B
Welkom2007
C
t:u7?3H%>-3tH(e3SksNr.b#
D
pointed-silica-womb-garden

Slide 49 - Quiz question

Slide 50 - Text slide

Slide 51 - Text slide

Slide 52 - Text slide

Within how much time after public disclosure did GCP Cloud Armor provide protection against Log4J2?
A
Directly at public disclosure
B
Within 24 hours
C
Within 7 days
D
Still no protection

Slide 53 - Quiz question

Slide 54 - Text slide

Slide 55 - Text slide

Slide 56 - Text slide

Slide 57 - Text slide

Slide 58 - Text slide