OWASP Top 10 Vulnerabilities Interview Question-Answer

Q.1 What type of flaw occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?

       A. Cross Site Request Forgery

       B. Insecure Direct Object References

       C. Injection

       D. Insufficient Transport Layer Protection

       E. Improper Authentication

Ans : Injection


Q.2 Which of the following is the best way to protect against injection attacks?

       A. Memory size checks

       B. Escaping

       C. Validate integer values before referencing arrays

Ans : Escaping


Q.3 Which of the following consequences is most likely to occur due to an injection attack?

       A. Denial of service

       B. Spoofing

       C. Data loss

Ans : Denial of service


Q.4 What flaw arises from session tokens having poor randomness across a range of values?

       A. Session Replay

       B. Session Fixation

       C. Insecure Direct Object References

       D. Session Hijacking

Ans : Session Hijacking


Q.5 What is the attack technique used to exploit websites by altering the backend database queries through manipulated input?

       A. LDAP Injection

       B. SQL Injection

       C. OS Commanding

       D. XML Injection

Ans : SQL Injection


Q.6 Which of the following depicts the typical impact of failure to restrict URL access?

       A. Attackers impersonate any user on the system

       B. Attackers access other users' accounts and data

       C. Broken Authentication and Session Management

Ans : Attackers access other users' accounts and data


Q.7 What happens when an application takes user-supplied data and sends it to a web browser without proper validation and escaping?

       A. Cross Site Scripting

       B. Broken Authentication and Session Management

       C. Insecure Direct Object References

       D. Security Misconfiguration

Ans : Cross Site Scripting


Q.8 In which of the following scenarios should you use the escaping technique?

       A. When you need to tell the interpreter that input is data and not code

       B. When you need to validate any input as valid input

       C. When you are trying to protect against regular expression injection

Ans : When you need to tell the interpreter that input is data and not code


Q.9 Which of the following is the best way to implement transport layer protection?

       A. Enable both IPSec and SSL

       B. Install IDS

       C. Set the HttpOnly flag on session ID cookies

       D. Enable IPSec

       E. Enable SSL

Ans : Enable both IPSec and SSL


Q.10 Which of the following actions should you take to verify the implementation of a web application?

       A. Use policy mechanisms

       B. Verify that each URL in your application is appropriately protected

       C. Use a simple and positive model at every layer

Ans : Verify that each URL in your application is appropriately protected


Q.11 What attack can be prevented by links or forms that invoke state-changing functions with an unpredictable token for each user?

       A. Cross Site Request Forgery

       B. Cross Site Tracing

       C. OS Commanding

       D. Cross Site Scripting

Ans : OS Commanding


Q.12 What threat arises from not flagging HTTP cookies that carry tokens as secure?

       A. Session Hijacking

       B. Access Control Violation

       C. Insecure Cryptographic Storage

       D. Session Replay

Ans : Access Control Violation


Q.13 For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?

       A. Cross Site Scripting

       B. Session Hijacking

       C. Security Misconfiguration

       D. Session Replay

Ans : Session Replay


Q.14 Which threat can be prevented by having unique usernames generated with a high degree of entropy?

       A. Spamming

       B. Authorization Bypass

       C. Cryptanalysis of hash values

       D. Authentication Bypass

Ans : Authentication Bypass


Q.15 What is an example of a session-related vulnerability?

       A. Session Hijacking

       B. Data Transfer Protocol

       C. Security Tracing

       D. Session Spoofing

Ans : Session Hijacking


Q.16 Which of the following languages is the primary target of cross-site scripting?

       A. SQL

       B. JavaScript

       C. XML Injection

       D. XSLT

Ans : JavaScript


Q.17 What is an attack that forces a user’s session credential or session ID to an explicit value?

       A. Brute Force Attack

       B. Session Fixation

       C. Session Hijacking

       D. Dictionary Attack

Ans : Session Fixation


Q.18 What happens when an application takes user-supplied data and sends it to a web browser without proper validation?

       A. Security Misconfiguration

       B. Cross Site Scripting

       C. Insecure Direct Object References

       D. Broken Authentication and Session Management

Ans : Cross Site Scripting


Q.19 Role-based access control helps prevent which OWASP Top 10 vulnerability?

       A. Security Misconfiguration

       B. Unvalidated Redirect or Forward

       C. Failure to restrict URL Access

       D. Failure to restrict URL Access

Ans : Failure to restrict URL Access


Q.20 What is an attack that exploits the trust a site has in a user’s browser?

       A. SQL Injection

       B. Cross Site Scripting

       C. Cross Site Request Forgery

       D. Session Hijacking

Ans : Cross Site Request Forgery


Q.21 Which of the following is most likely to result in insecure cryptography?

       A. Unsalted hash

       B. Missing patches

       C. New products

Ans : Unsalted hash


Q.22 Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?

       A. Man in the middle attack

       B. Malware Uploading

       C. SQL Injection

       D. Cross Site Scripting

Ans : Cross Site Scripting


Q.23 Client-side scripts can be allowed to execute in the browser for needed operations.

       A. True

       B. False

Ans : False

