Q.1 Which of the following is a common attack targeting web applications by injecting malicious SQL queries?
Cross-Site Scripting (XSS)
SQL Injection
Denial of Service (DoS)
Phishing
Explanation - SQL Injection occurs when an attacker inserts malicious SQL statements into an input field to manipulate the database.
Correct answer is: SQL Injection
Q.2 What does XSS stand for in web security?
Cross-Site Scripting
Extended Security Standard
Extra Server Safety
Cross-Site Safety
Explanation - XSS allows attackers to inject client-side scripts into web pages viewed by other users.
Correct answer is: Cross-Site Scripting
Q.3 Which HTTP header can help prevent clickjacking attacks?
Content-Security-Policy
X-Frame-Options
Strict-Transport-Security
Cache-Control
Explanation - The X-Frame-Options header tells the browser whether a page can be displayed in a frame, preventing clickjacking.
Correct answer is: X-Frame-Options
Q.4 Which of the following is the safest method to store user passwords?
Plaintext
Base64 encoding
Hashing with salt
Reversible encryption
Explanation - Hashing passwords with a unique salt for each user prevents attackers from easily recovering plaintext passwords.
Correct answer is: Hashing with salt
Q.5 CSRF attacks primarily target:
User sessions
Database servers
DNS servers
Email accounts
Explanation - Cross-Site Request Forgery (CSRF) tricks a user into submitting unwanted actions on a web application where they are authenticated.
Correct answer is: User sessions
Q.6 Which method is recommended to prevent XSS attacks?
Input validation and output encoding
Disabling cookies
Using HTTP instead of HTTPS
Hiding server errors
Explanation - Validating inputs and properly encoding outputs helps prevent malicious scripts from executing in users’ browsers.
Correct answer is: Input validation and output encoding
Q.7 What is the main purpose of HTTPS?
Faster website loading
Data encryption and integrity
Blocking all malware
Improving SEO
Explanation - HTTPS ensures that data transmitted between client and server is encrypted and protected from tampering.
Correct answer is: Data encryption and integrity
Q.8 Which type of attack overwhelms a web server with traffic to make it unavailable?
SQL Injection
Denial of Service (DoS)
Man-in-the-Middle
Session Hijacking
Explanation - DoS attacks flood a server with requests, exhausting resources and causing downtime.
Correct answer is: Denial of Service (DoS)
Q.9 What is the purpose of input validation in secure coding?
To improve website speed
To ensure inputs meet expected format
To store data efficiently
To enhance UI design
Explanation - Input validation prevents malicious data from entering the system, reducing the risk of attacks.
Correct answer is: To ensure inputs meet expected format
Q.10 Which security practice helps prevent session hijacking?
Using secure cookies
Disabling JavaScript
Increasing server RAM
Shortening URLs
Explanation - Secure cookie settings make it harder for attackers to steal session tokens, reducing the risk of hijacking.
Correct answer is: Using secure cookies
Q.11 Which of the following is a vulnerability caused by improper access control?
Privilege escalation
SQL Injection
Cross-Site Scripting
DNS Spoofing
Explanation - Improper access control can allow attackers to gain higher privileges than intended.
Correct answer is: Privilege escalation
Q.12 What is the main risk of using eval() in JavaScript with user input?
Syntax errors
Memory leaks
Code injection
Browser compatibility issues
Explanation - Using eval() with untrusted input can execute malicious code on the client side.
Correct answer is: Code injection
Q.13 Which of the following is NOT a secure coding practice?
Sanitizing inputs
Encrypting sensitive data
Hardcoding passwords
Implementing proper error handling
Explanation - Hardcoding passwords is insecure as it exposes credentials in the source code.
Correct answer is: Hardcoding passwords
Q.14 What does CSP (Content Security Policy) help prevent?
SQL Injection
Cross-Site Scripting
Man-in-the-Middle
Denial of Service
Explanation - CSP allows a website to control which resources can be loaded, mitigating XSS attacks.
Correct answer is: Cross-Site Scripting
Q.15 In web security, parameterized queries are used to:
Increase page load speed
Prevent SQL Injection
Store user sessions
Enable caching
Explanation - Parameterized queries separate SQL code from data inputs, preventing malicious injection.
Correct answer is: Prevent SQL Injection
Q.16 Which attack intercepts communication between two parties to eavesdrop or alter data?
Phishing
Man-in-the-Middle
SQL Injection
Brute Force Attack
Explanation - MITM attacks involve intercepting communication to steal or manipulate information.
Correct answer is: Man-in-the-Middle
Q.17 Which of the following is a common technique to protect web forms against bots?
CAPTCHA
Base64 encoding
Disabling CSS
Session cookies
Explanation - CAPTCHA differentiates humans from automated bots to prevent automated abuse.
Correct answer is: CAPTCHA
Q.18 Which of the following is a benefit of using HTTPS over HTTP?
Encrypted data transmission
Faster server response
No need for authentication
Unlimited bandwidth
Explanation - HTTPS encrypts data, ensuring confidentiality and integrity between client and server.
Correct answer is: Encrypted data transmission
Q.19 Which practice helps prevent buffer overflow attacks in C/C++?
Input validation and bounds checking
Using global variables
Hardcoding inputs
Skipping memory allocation
Explanation - Ensuring data fits within allocated buffers prevents overflow and potential code execution.
Correct answer is: Input validation and bounds checking
Q.20 What is the purpose of logging and monitoring in web security?
To debug UI issues
To detect and respond to attacks
To speed up the server
To improve SEO
Explanation - Logging and monitoring help identify suspicious activity and respond to security incidents.
Correct answer is: To detect and respond to attacks
Q.21 Which of the following is considered a weak password?
P@ssw0rd123
Qwerty
5tr0ng!Pass
G#7vB9xL
Explanation - Simple or common passwords like 'Qwerty' are easily guessable and insecure.
Correct answer is: Qwerty
Q.22 What does input sanitization involve?
Removing dangerous characters from user input
Encrypting input data
Storing inputs in logs
Compressing input for efficiency
Explanation - Sanitization removes or escapes characters that could be used in attacks like XSS or SQL Injection.
Correct answer is: Removing dangerous characters from user input
Q.23 Which of these is an example of a client-side security measure?
Input validation using JavaScript
Database encryption
Server-side authentication
Firewall configuration
Explanation - Client-side validation helps catch input errors before reaching the server, though it should not replace server-side checks.
Correct answer is: Input validation using JavaScript
Q.24 What is the main goal of secure coding practices?
Improve code readability
Prevent vulnerabilities and attacks
Reduce file size
Increase software speed
Explanation - Secure coding practices aim to minimize security flaws that attackers could exploit.
Correct answer is: Prevent vulnerabilities and attacks
Q.25 Which of the following is an example of sensitive data that must be protected in web applications?
User passwords
Homepage images
CSS files
JavaScript variables
Explanation - Sensitive data like passwords must be protected through secure storage (for passwords, salted hashing) and encryption of other secrets.
Correct answer is: User passwords
