Artificial Intelligence

Question 1 Which two functions are provided by a web proxy device? (Choose two.)

- caching of HTTP messages
- scanning a web server for related contents
- translating HTTP me


Here are the answers to the questions provided:

### Question 1
**Which two functions are provided by a web proxy device? (Choose two.)**
- **caching of HTTP messages**
- **enabling HTTP transfers across a firewall**

### Question 2
**Match the HTTP status code contained in a web server response to the description.**
- codes in the 200 range: **C** (related to successful transactions)
- codes in the 300 range: **A** (related to HTTP redirections)
- codes in the 400 range: **B** (related to client errors)
- codes in the 500 range: **D** (related to server errors)
- codes in the 100 range: **E** (informational)

### Question 3
**Match the elements in the URL `ftp://xyz-company.com:2457/support/file;id=65?name=intro&r=true` to the description.**
- xyz-company.com: **F** (host)
- 2457: **B** (port)
- support/file: **D** (path)
- ftp: **A** (scheme)
- name=intro&r=true: **E** (query-string)
- id=65: **C** (path-segment-params)

### Question 4
**Which function is provided by HTTP 2.0 to improve performance over HTTP 1.1?**
- **HTTP 2.0 provides HTTP message multiplexing and requires fewer messages to download web content.**

### Question 5
**Why should application developers change the session ID names used by common web application development frameworks?**
- **These session ID names can be used to fingerprint the application framework employed.**

### Question 6
**Which mechanism is used by the shopping site to securely maintain user authentication during shopping?**
- **session ID**

### Question 7
**What is the best mitigation approach against session fixation attacks?**
- **Ensure that the session ID is used after a user completes authentication.**

### Question 8
**Which two attributes can be set in a web application cookie to indicate it is a persistent cookie? (Choose two.)**
- **Expires**
- **Max-Age**

### Question 9
**Which international organization is dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and underlying systems?**
- **Open Web Application Security Project (OWASP)**

### Question 10
**Which component in the statement below is most likely user input on a web form?**
- **network**

### Question 11
**Which statement describes an example of an out-of-band SQL injection attack?**
- **An attacker launches the attack on a web site and forces the web application to send the query results via an email.**

### Question 12
**What type of SQL injection attack is the threat actor using?**
- **blind**

### Question 13
**Which technique exploits the SQL injection vulnerability on the web application?**
- **Union operator**

### Question 14
**Which type of SQL query is in the SQL statement `select * from users where user = "admin";`?**
- **static query**

### Question 15
**Which type of penetration testing can be used to verify the proper configuration of the Active Directory service?**
- **LDAP injection**

### Question 16
**What is a potentially dangerous web session management practice?**
- **including the session ID in the URL**

### Question 17
**What is the effect of the HTTPOnly flag?**
- **It forces the web browser to have the cookies processed only by the server.**

### Question 18
**Which threat does this policy mitigate?**
- **Default credential attack**

### Question 19
**Which type of vulnerability does the attacker try to exploit?**
- **HTTP parameter pollution**

### Question 20
**Where would the tester use the string for testing XSS vulnerabilities?**
- **in a user input field in a web form**

### Question 21
**According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.)**
- **Use HTML escape before inserting untrusted data into HTML element content.**
- **Use attribute escape before inserting untrusted data into HTML common attributes.**
- **Use JavaScript escape before inserting untrusted data into JavaScript data values.**

### Question 22
**Which type of web vulnerability is being exploited by the attacker?**
- **directory traversal**

### Question 23
**Which type of vulnerability did the attacker try to exploit?**
- **remote file inclusion**

### Question 24
**What insecure code practice enabled this catastrophic threat?**
- **use of hard-coded credentials**

### Question 25
**What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application?**
- **Use a well-thought-out scheme to provide meaningful error messages to the users but no useful information to an attacker.**

These answers reflect best practices and known security principles related to web applications and security testing.