Application Security MCQs Practice Set

Q.1 What is the primary purpose of application security?

To improve application performance
To protect applications from security threats
To increase user engagement
To simplify the coding process
Explanation - Application security focuses on safeguarding software applications from threats like SQL injection, XSS, and data breaches.
Correct answer is: To protect applications from security threats

Q.2 Which of the following is a common type of web application vulnerability?

Cross-Site Scripting (XSS)
Load balancing
Data caching
Image optimization
Explanation - XSS is a vulnerability where attackers inject malicious scripts into web pages viewed by other users.
Correct answer is: Cross-Site Scripting (XSS)

Q.3 What does SQL injection exploit?

Weak passwords
Vulnerable SQL queries
Encryption algorithms
Firewall rules
Explanation - SQL injection occurs when attackers insert malicious SQL code into queries to manipulate databases.
Correct answer is: Vulnerable SQL queries

Q.4 Which practice helps prevent sensitive data exposure in applications?

Storing passwords in plaintext
Using strong encryption
Disabling HTTPS
Hardcoding API keys
Explanation - Strong encryption protects sensitive data both in transit and at rest, reducing the risk of exposure.
Correct answer is: Using strong encryption

Q.5 What is the main goal of input validation in application security?

Improve database performance
Prevent malicious data entry
Enhance user interface
Increase server speed
Explanation - Input validation ensures only safe and expected data is processed, reducing injection and other attacks.
Correct answer is: Prevent malicious data entry

Q.6 Which protocol is recommended for securing data transmitted between a client and server?

HTTP
HTTPS
FTP
Telnet
Explanation - HTTPS uses SSL/TLS encryption to secure communication between clients and servers.
Correct answer is: HTTPS

Q.7 What is Cross-Site Request Forgery (CSRF)?

An attack forcing a user to execute unwanted actions
A method to compress application code
A type of password hashing
A database optimization technique
Explanation - CSRF tricks authenticated users into performing unintended actions on web applications without their consent.
Correct answer is: An attack forcing a user to execute unwanted actions

Q.8 Which of these is a best practice for password management in applications?

Store passwords in plaintext
Use salted hashing
Send passwords via email
Reuse the same passwords
Explanation - Salting and hashing passwords makes it harder for attackers to recover original passwords even if the database is compromised.
Correct answer is: Use salted hashing

Q.9 What is the main risk of using outdated third-party libraries in applications?

They improve performance
They can contain known vulnerabilities
They reduce memory usage
They enhance graphics quality
Explanation - Outdated libraries may have unpatched security flaws that attackers can exploit.
Correct answer is: They can contain known vulnerabilities

Q.10 Which type of attack involves manipulating a user into performing actions on a website unknowingly?

Phishing
CSRF
Brute force
Denial of Service
Explanation - CSRF attacks force users to perform actions they didn’t intend, exploiting their authenticated session.
Correct answer is: CSRF

Q.11 What is the purpose of a Web Application Firewall (WAF)?

To block spam emails
To monitor and filter HTTP requests
To improve application speed
To back up application data
Explanation - A WAF protects web applications by filtering malicious traffic such as XSS, SQL injection, and other attacks.
Correct answer is: To monitor and filter HTTP requests

Q.12 Which of the following is an example of sensitive data that needs protection?

Usernames
Passwords
Email addresses
All of the above
Explanation - All these data types can be exploited if exposed and must be secured properly.
Correct answer is: All of the above

Q.13 What is the principle of least privilege in application security?

Giving users full access to all resources
Restricting users to only the access they need
Removing all security controls
Sharing admin passwords
Explanation - The principle of least privilege limits permissions to reduce potential security breaches.
Correct answer is: Restricting users to only the access they need

Q.14 Which attack targets the client-side code of web applications?

XSS
SQL injection
Buffer overflow
ARP spoofing
Explanation - Cross-Site Scripting (XSS) injects malicious scripts into client browsers to steal data or manipulate content.
Correct answer is: XSS

Q.15 Why should developers avoid hardcoding sensitive information in applications?

It increases performance
It can be easily exposed if code is leaked
It improves encryption
It reduces network usage
Explanation - Hardcoding secrets like passwords or API keys can lead to compromise if the source code is accessed by attackers.
Correct answer is: It can be easily exposed if code is leaked

Q.16 What is session hijacking?

When an attacker steals a user's session token to impersonate them
When a session expires naturally
When the server crashes
When data is encrypted in a session
Explanation - Session hijacking allows attackers to gain unauthorized access by taking over an active user session.
Correct answer is: When an attacker steals a user's session token to impersonate them

Q.17 Which of these is a method to prevent XSS attacks?

Encoding user input
Storing passwords in plaintext
Disabling firewalls
Using HTTP instead of HTTPS
Explanation - Properly encoding user-supplied data prevents injected scripts from being executed in users' browsers.
Correct answer is: Encoding user input

Q.18 What is the main goal of penetration testing in applications?

To find performance bottlenecks
To identify security vulnerabilities
To improve graphics rendering
To reduce memory usage
Explanation - Penetration testing simulates attacks to find and fix security weaknesses in applications.
Correct answer is: To identify security vulnerabilities

Q.19 Which of these is a secure way to handle passwords?

MD5 hashing without salt
SHA-256 with salt
Base64 encoding
Storing in plaintext
Explanation - Using a strong hash function with salt increases security against password attacks.
Correct answer is: SHA-256 with salt

Q.20 What type of attack overwhelms an application to make it unavailable?

Denial of Service (DoS)
CSRF
XSS
Phishing
Explanation - DoS attacks flood applications with traffic to exhaust resources and cause downtime.
Correct answer is: Denial of Service (DoS)

Q.21 Why is input sanitization important in web applications?

To reduce server load
To prevent malicious data from causing attacks
To improve graphics rendering
To speed up network requests
Explanation - Sanitizing input ensures that unexpected or harmful data cannot compromise the application.
Correct answer is: To prevent malicious data from causing attacks

Q.22 Which of these tools is commonly used for automated security testing?

Burp Suite
Photoshop
Visual Studio Code
MySQL Workbench
Explanation - Burp Suite is a widely used tool for security testing and vulnerability scanning of web applications.
Correct answer is: Burp Suite

Q.23 What is the purpose of rate limiting in application security?

To limit user interface features
To reduce server downtime
To prevent brute-force attacks
To compress application data
Explanation - Rate limiting restricts the number of requests a user can make, mitigating password-guessing and other automated attacks.
Correct answer is: To prevent brute-force attacks

Q.24 Which of these is considered a secure authentication method?

Single-factor password
Two-factor authentication
Reusing old passwords
None of the above
Explanation - Two-factor authentication adds an extra layer of security by requiring two forms of verification.
Correct answer is: Two-factor authentication