• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

mutiple choice questions regarding security in SCEA-1

 
Ranch Hand
Posts: 98
MyEclipse IDE Oracle
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I got the below questions from one of the Blogs written in course of preparing for SCEA.
Please help me getting the most correct answer to this questions as I have problem figuring out.


Which is an appropriate technique for minimizing the consequences of a successful attack?

A. Input validation
B. Principle of least privilege
C. Encryption of wire transmissions
D. Use of strong/two-factor authentication


Your company is going through an extensive security audit and it has been identified that your internet-facing web site is vulnerable to SQL injection from authenticated users. Which two are appropriate for mitigating this threat? (Choose two.)

A. Using security roles in the deployment descriptor
B. In stored procedures called with prepared statements
C. Adding an intercepting validation filter to your system,
D. Requiring SSL in the deployment descriptor transport guarantee.




Thanks!
Aruna.
 
author & internet detective
Posts: 41878
909
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Questions were from http://mycollectivematerial.blogspot.com/.

What do you think the answer is. Also, the site gives a correct answer. What was it? Do you agree? Why or why not?
 
aruna sydu
Ranch Hand
Posts: 98
MyEclipse IDE Oracle
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Hi Jeanne,

Please bear with me as I am not very good at security.

For first question the answer is B.Principle of least privilege.When I read the question I thought all of the choices are required for minimizing the consequences of a successful attack.

And the answer to second question is B and C , I absolutely agree with option C , however i could not understand why procedure should be introduced in the design to mitigate the threat.

Please clarify.

Thanks & Regards,
Aruna.
 
Jeanne Boyarsky
author & internet detective
Posts: 41878
909
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Aruna,
I agree with the sample answers.

For the first one, A/C/D reduce the chance of an attack. B reduces the impact of the attack one the user is in.

For the second one, B prevents SQL injection because binding variables are used instead of raw strings.
 
aruna sydu
Ranch Hand
Posts: 98
MyEclipse IDE Oracle
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Thanks a lot Jeanne
 
reply
    Bookmark Topic Watch Topic
  • New Topic