Question
Question 1 (1 point): According to OWASP, which of the following application security risks occurs when untrusted data is sent to an interpreter as part of a command or query?
- A3 – Sensitive data exposure
- A1 – Injection
- A4 – XML external entity (XXE)
- A6 – Security misconfiguration

Question 2 (1 point): Which of the following security risks can disclose internal files using the file URI handler, internal SMB file shares on unpatched Windows servers, internal port scanning, remote code execution, and denial-of-service (DoS) attacks such as the billion laughs attack?
- Cross-site scripting (XSS)
- XML external entity (XXE)
- Broken authentication
- Command injection
Solution
Question 1: The correct answer is A1 – Injection. Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
Question 2: The correct answer is XML external entity (XXE). XXE attacks can lead to the disclosure of internal files using the file URI handler, internal SMB file shares on unpatched Windows servers, internal port scanning, remote code execution, and denial-of-service (DoS) attacks such as the billion laughs attack.
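As an added example (not part of the original question or solution), the following Python function shows the defensive counterpart to the XXE answer: refusing any DTD in untrusted XML before the parser can resolve an external entity or expand recursive entity definitions. It uses only the standard-library expat bindings; the sample documents are constructed, and the file path in the external-entity sample is a placeholder.

```python
import xml.parsers.expat

class DtdForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""

def parse_untrusted_xml(data: bytes) -> list[tuple[str, dict]]:
    """Parse untrusted XML and return (tag, attributes) pairs in document order.

    The DTD is rejected the moment the DOCTYPE appears, so external entities
    (file URI handler, internal hosts) are never resolved and recursive entity
    definitions (billion laughs) are never expanded.
    """
    elements: list[tuple[str, dict]] = []
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdForbidden(f"DOCTYPE {name!r} rejected: DTDs are not accepted")

    def forbid_external_entity(context, base, system_id, public_id):
        raise DtdForbidden(f"external entity {system_id!r} rejected")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.ExternalEntityRefHandler = forbid_external_entity
    parser.StartElementHandler = lambda tag, attrs: elements.append((tag, attrs))
    parser.Parse(data, True)  # raises DtdForbidden, or ExpatError on malformed input
    return elements

def classify(data: bytes) -> str:
    """'accepted' or 'rejected' for a document (handy for logging and tests)."""
    try:
        parse_untrusted_xml(data)
    except DtdForbidden:
        return "rejected"
    return "accepted"

# Constructed sample inputs, not captured traffic.
BENIGN = b'<order id="42"><item sku="A1"/></order>'
BILLION_LAUGHS = (b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
                  b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
                  b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
                  b']><lolz>&lol3;</lolz>')
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY ext SYSTEM '
                   b'"file:///placeholder/internal-file.txt">]><d>&ext;</d>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("billion laughs", BILLION_LAUGHS),
                       ("external entity", EXTERNAL_ENTITY)):
        print(f"{label}: {classify(doc)}")
```

Rejecting the DOCTYPE up front is the same approach libraries such as defusedxml take; it is cheaper and more robust than trying to bound entity expansion after the fact.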
Similar Questions
In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?
- Command Injection
- Path Traversal
- XSS
- Buffer Overflow
Which of the following is not a web application security vulnerability?
- Sensitive data exposure
- XML external entities
- Non-compliance
- Insecure deserialization
Question 2: ___________________ vulnerabilities may be exploited for a man-in-the-middle attack.
a. Transfer
b. Communication
c. Data
d. Sharing

Question 3: _______ is a desirable software trait simply because it is easier to find errors in software with this trait than it is to search through numerous classes to find errors in software that has many more unnecessary lines of code written.
a. Traceability
b. Predictability
c. Dependability
d. None of the above

Question 4: Attackers often use _________ to force software into a stage whereby the attacker can change the value of variables in order to change the functionality of the software or gain access to the system.
a. Countermeasure
b. Vulnerability
c. Error
d. Overflow

Question 5: __________ attack occurs when an attacker takes advantage of buffer data that is stored in the program's runtime stack, where local variables and functions are stored in memory, making it easy for an attacker to figure out exactly which memory to overwrite.
a. Dynamic deallocation
b. Buffer deallocation
c. Heap overflow
d. Stack overflow
Which of the following is a common vulnerability in web servers?
- Directory traversal
- SQL injection
- Cross-site scripting
- None of the above
________ is exploited by influencing SQL statements that do not correctly filter input passed from applications to a backend database.
- DoS attack
- Data leaks
- Privilege issues
- SQL injection