App Security
Cryptography
IAM
Social Engineering
Password Attacks
100

What is the primary goal of application security?

To protect an application and the data it handles: preventing unauthorized access to its data and functionality, and finding and fixing vulnerabilities in its design, code, and deployment before attackers can exploit them.

100

What is cryptography?

Cryptography is the practice and study of techniques for secure communication in the presence of third parties.

100

What is identity and access management (IAM)?

IAM is the framework of policies and technologies for ensuring that only authorized individuals have access to resources.

100

What is social engineering?

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.

100

What is a password attack?

A password attack is an attempt to gain unauthorized access to a system or account by guessing or cracking passwords.

200

What is the difference between white-box and black-box testing in application security?

White-box testing involves testing with knowledge of the internal workings of the application, while black-box testing is done without any knowledge of the internal structure.

200

What is the purpose of encryption in cryptography?

Encryption is used to transform plaintext into ciphertext, making it unreadable to unauthorized parties.


200

What is multi-factor authentication (MFA)?

MFA is an authentication process that requires two or more independent factors from different categories (something you know, such as a password; something you have, such as a hardware token or authenticator app; something you are, such as a fingerprint) before granting access to a system. Two factors from the same category, such as a password plus a security question, do not count as MFA.

200

What is pretexting?

Pretexting is a form of social engineering in which an attacker creates a fabricated scenario to obtain sensitive information from a target.

200

What is brute force password cracking?

Brute force password cracking is a method of trying every possible password combination until the correct one is found. Its cost grows exponentially with password length, which is why length protects against it far more than character variety does.

300

What is the principle of least privilege in application security?

The principle of least privilege states that users should only be given the minimum level of access or permissions necessary to perform their job functions.

300

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of keys: public and private.

300

What is the principle of least privilege in the context of IAM?

The principle of least privilege states that individuals should have only the minimum level of access necessary to perform their job functions.

300

What is phishing?

Phishing is a type of social engineering attack in which attackers attempt to trick individuals into revealing sensitive information by posing as a trustworthy entity.

300

What is a dictionary attack?

A dictionary attack is a type of password attack that guesses from a predefined list of likely candidates (dictionary words, common passwords, and passwords exposed in previous breaches) instead of every possible combination, trading completeness for speed.

400

What are some common security vulnerabilities found in web applications?

Examples include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and broken authentication.

400

What is a digital signature?

A digital signature is a value computed over a message with the signer's private key and verified by anyone holding the matching public key. A valid signature shows that the message came from the key holder (authenticity), that it was not altered afterwards (integrity), and that the signer cannot plausibly deny producing it (non-repudiation).

400

What is role-based access control (RBAC)?

RBAC is a method of restricting access to resources based on the roles assigned to users within an organization: permissions are attached to roles rather than to individuals, users are assigned one or more roles, and a user's effective access is whatever those roles grant.

400

What are some common indicators of a phishing email?

Indicators include spelling and grammar errors, urgent requests for personal information or immediate action, sender addresses or domains that imitate a trusted one, and links whose visible text differs from their actual destination.
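Those indicators can be checked mechanically. The following is an added example, not code from the quiz page: a small scanner that takes a message as a dictionary of From, Subject and HTML body fields and reports the indicators it finds. The two messages, the trusted domain `corp.example` (under the reserved `.example` TLD) and the urgency phrase list are all constructed for this example; the lookalike check is a plain edit-distance comparison against the trusted domain list.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed messages: one phishing lure and one legitimate notice from the same helpdesk.
SAMPLE_PHISH = {
    "from": "IT Support <helpdesk@c0rp.example>",
    "subject": "URGENT: your password expires within 24 hours",
    "html": ('<p>Click <a href="http://login.c0rp.example/reset">https://login.corp.example/reset</a> '
             'immediately to verify your account or it will be suspended.</p>'),
}
SAMPLE_BENIGN = {
    "from": "IT Support <helpdesk@corp.example>",
    "subject": "Maintenance window on Saturday",
    "html": '<p>See <a href="https://wiki.corp.example/maint">the wiki</a> for details.</p>',
}
TRUSTED_DOMAINS = {"corp.example"}
URGENCY = ("urgent", "immediately", "within 24 hours", "verify your account", "will be suspended")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a lookalike domain is typically one or two edits from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def phishing_indicators(msg: dict, trusted_domains) -> list:
    """Return one finding string per indicator, each prefixed with a stable indicator name."""
    findings = []
    _, sender = parseaddr(msg["from"])
    sender_domain = sender.rpartition("@")[2].lower()
    for domain in trusted_domains:
        if sender_domain != domain and 0 < edit_distance(sender_domain, domain) <= 2:
            findings.append(f"lookalike-sender-domain: {sender_domain} resembles {domain}")
    text = (msg["subject"] + " " + msg["html"]).lower()
    hits = [phrase for phrase in URGENCY if phrase in text]
    if hits:
        findings.append(f"urgent-language: {hits}")
    collector = LinkCollector()
    collector.feed(msg["html"])
    for href, shown in collector.links:
        href_host = host_of(href)
        if re.match(r"^(https?://|www\.)", shown) and host_of(shown) != href_host:
            findings.append(f"link-text-mismatch: shows {host_of(shown)} but goes to {href_host}")
        if not any(belongs_to(href_host, d) for d in trusted_domains):
            findings.append(f"untrusted-link-host: {href_host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_PHISH, TRUSTED_DOMAINS):
        print(finding)
```

Each check on its own produces false positives (a genuine outage notice may say "immediately"); in practice the findings are scored together, and the sender check is backed by SPF, DKIM and DMARC results rather than string similarity alone.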

400

What is salting in the context of password storage?

Salting involves adding a unique random value to each password before hashing it, so that identical passwords produce different hashes and attackers cannot reuse precomputed hash tables (rainbow tables) or crack many accounts with a single pass over a wordlist.

500

What is the purpose of input validation in application security?

Input validation checks that user-supplied data has the expected type, length, format, and range before it is used, ideally against an allowlist of what is acceptable rather than a denylist of known-bad patterns. It removes whole classes of malformed input and reduces the attack surface, but it complements rather than replaces the injection-specific defences of parameterized queries and context-aware output encoding.
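The SQL injection entry above and this one fit together in one runnable illustration. The following is an added example, not code from the quiz page: a login query built by string formatting, the same query with bound parameters, and an allowlist check on the username in front of it. The users table is an in-memory SQLite database with constructed rows whose `password_hash` column holds placeholder strings, and the payloads are the standard comment and tautology forms.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows (password_hash values are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "hash-of-alices-password"), ("bob", "hash-of-bobs-password")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Vulnerable: user input is spliced into the SQL text, so quotes in it become SQL syntax."""
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None


# Allowlist: the only characters a username may legitimately contain.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def valid_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Hardened: reject input that fails validation, then bind values so the driver never parses them as SQL."""
    if not valid_username(username):
        return False
    row = conn.execute("SELECT id FROM users WHERE username = ? AND password_hash = ?",
                       (username, password_hash)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    for payload in ("alice", "alice' --", "x' OR 1=1 --"):
        print(f"{payload!r:18} vulnerable={login_vulnerable(db, payload, 'wrong')} "
              f"safe={login_safe(db, payload, 'wrong')}")
```

Parameter binding is the control that actually stops the injection; the allowlist is defence in depth and would be the wrong tool on a field that legitimately contains quotes, such as a surname like O'Brien.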

500

What is the role of cryptographic hashing in security?

Cryptographic hashing produces a fixed-size, one-way fingerprint of data. It is used to verify data integrity (any change to the input changes the hash), to store passwords (with a per-password salt and a deliberately slow function such as Argon2, bcrypt, scrypt or PBKDF2, never a bare fast hash like SHA-256), and to derive unique identifiers such as content-addressed names.
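The brute-force, dictionary-attack, salting and hashing entries above describe one attacker-versus-defender story, shown here as an added example that is not code from the quiz page. It stores passwords with salted PBKDF2-HMAC-SHA256 (chosen because it ships in Python's standard library; Argon2id or bcrypt are the preferred choice where a library is available), then runs a dictionary attack against unsalted SHA-256 hashes and against the salted records. The wordlist and the stolen hashes are constructed stand-ins for a breach dump and a list such as rockyou.txt, and the record format `algorithm$iterations$salt$key` is this example's own.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Work factor for PBKDF2-HMAC-SHA256; OWASP's 2023 guidance is 600,000 iterations.
DEFAULT_ITERATIONS = 600_000

# Constructed wordlist standing in for a real leaked-password list.
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "hunter2", "Summer2024!"]


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash as a self-describing record: pbkdf2_sha256$iterations$salt_hex$key_hex."""
    salt = salt if salt is not None else os.urandom(16)     # fresh 128-bit salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the salt and iteration count stored in the record; compare in constant time."""
    algo, iterations, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key.hex(), key_hex)


def unsalted_sha256(password: str) -> str:
    """The weak scheme: fast, and identical for every user with the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(stolen: Dict[str, str], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """One hash per word, computed once and reused against every stolen hash (a precomputed table)."""
    table = {unsalted_sha256(word): word for word in wordlist}
    return {user: table.get(digest) for user, digest in stolen.items()}


def crack_salted(record: str, wordlist: List[str]) -> Optional[str]:
    """With a salt the attacker must re-derive every candidate for each record at the full work factor."""
    for word in wordlist:
        if verify_password(word, record):
            return word
    return None


if __name__ == "__main__":
    # Constructed breach dump: two unsalted hashes, one of which is a dictionary word.
    stolen = {"alice": unsalted_sha256("hunter2"), "bob": unsalted_sha256("correct horse battery staple")}
    print(crack_unsalted(stolen, WORDLIST))        # {'alice': 'hunter2', 'bob': None}
    record = hash_password("hunter2")
    print(crack_salted(record, WORDLIST))           # hunter2, but only after 6 x 600,000 HMAC rounds
```

Salting does not make a weak password strong: the salted record for "hunter2" still falls to the wordlist. What it removes is the attacker's ability to amortise the work across users, and the iteration count then sets the price of every guess.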

500

What are some common IAM challenges in cloud computing environments?

Challenges include identity federation, compliance requirements, and maintaining centralized control over distributed resources.

500

What are some strategies for mitigating social engineering attacks?

Strategies include employee training and awareness programs, phishing-resistant multi-factor authentication so that a disclosed password alone is not enough, verification procedures for sensitive requests such as payment or password changes, and regular testing of these controls with simulated phishing exercises.

500

What are some best practices for creating strong passwords?

Best practices include favoring length over complexity (a passphrase of several unrelated words), using a unique password for every account, generating and storing passwords in a password manager, avoiding personal or easily guessable information, and changing a password when it is known or suspected to be compromised rather than on a fixed schedule. Current NIST guidance (SP 800-63B) no longer recommends mandatory composition rules or periodic rotation, because both push users toward predictable patterns.
