51 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list usually includes “cross-site scripting (XSS).” Which of the following is not a method for reducing the risk of XSS attacks?Put untrusted data in only allowed slots of HTML documents.HTML escape when including untrusted data in any HTML elements.Use the attribute escape when including untrusted data in attribute elements.Encrypt all HTML documents.
52 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list usually includes “cross-site scripting (XSS).” Which of the following is not a method for reducing the risk of XSS attacks?Use an auto-escaping template system.Use XML escape for all identity assertions.Sanitize HTML markup with a library designed for the purpose.HTML escape JSON values in an HTML context and read the data with JSON.parse.
53 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “insecure direct object references.” Which of these is an example of an insecure direct object reference?www.sybex.com/authoraccounts/benmalisow10 ? "sybex accounts"; 20 goto 10mysql -u [bmalisow] -p [database1];[email protected]
54 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “insecure direct object references.” Which of these is a method to counter the risks of insecure direct object references?Perform user security training.Check access each time a direct object reference is called by an untrusted source.Install high-luminosity interior lighting throughout the facility.Append each object with sufficient metadata to properly categorize and classify based on asset value and sensitivity.
55 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “security misconfiguration.” Which of these is an example of a security misconfiguration?Not providing encryption keys to untrusted usersHaving a public-facing websiteLeaving default accounts unchangedUsing turnstiles instead of mantraps
56 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “security misconfiguration.” Which of these is an example of a security misconfiguration?Having unpatched software in the production environmentLeaving unprotected portable media in the workplaceLetting data owners determine the classifications/categorizations of their dataPreventing users from accessing untrusted networks
57 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “security misconfiguration.” Which of these is a technique to reduce the potential for a security misconfiguration?Enforce strong user access control processes.Have a repeatable hardening process for all systems/software.Use encryption for all remote access.Use encryption for all stored data.
58 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list usually includes “security misconfiguration.” Which of these is a technique to reduce the potential for a security misconfiguration?Broad user training that includes initial, recurring, and refresher sessionsDeeper personnel screening procedures for privileged users than is used for regular usersA repeatable patching process that includes updating libraries as well as softwareRandomly auditing all user activity, with additional focus on privileged users
59 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list usually includes “security misconfiguration.” Which of these is a technique to reduce the potential for a security misconfiguration?Purchase only trusted devices/components.Follow a published, known industry standard for baseline configurations.Hire only screened, vetted candidates for all positions.Update policy on a regular basis, according to a proven process.
60 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list usually includes “security misconfiguration.” Which of these is a technique to reduce the potential for a security misconfiguration?Get regulatory approval for major configuration modifications.Update the business continuity and disaster recovery (BC/DR) plan on a timely basis.Train all users on proper security procedures.Perform periodic scans and audits of the environment.
61 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “sensitive data exposure.” Which of these is a technique to reduce the potential for a sensitive data exposure?Extensive user training on proper data handling techniquesAdvanced firewalls inspecting all inbound traffic, to include content-based screeningEnsuring the use of utility backup power suppliesRoving security guards
62 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “sensitive data exposure.” All of the following are techniques for reducing the possibility of exposing sensitive data, except ____________.Destroying sensitive data as soon as possibleAvoiding categorizing data as sensitiveUsing proper key management when encrypting sensitive dataDisabling autocomplete on forms that collect sensitive data
63 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “missing function level access control.” Which of these is a technique to reduce the potential for a missing function-level access control?Set the default to deny all access to functions, and require authentication/authorization for each access request.HTML escape all HTML attributes.Restrict permissions based on an access control list (ACL).Refrain from including direct access information in URLs.
64 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “missing function level access control.” Which of these is a technique to reduce the potential for a missing function-level access control?Run a process as both user and privileged user, compare results, and determine similarity.Run automated monitoring and audit scripts.Include browser buttons/navigation elements to secure functions.Enhance user training to include management personnel.
65 The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “cross-site request