30183889
Description
Quiz by Pascal Bartl, updated more than 1 year ago
|
Created by Pascal Bartl
about 3 years ago
|
|
Question 1
Question
Which of the following terms refer to security vulnerabilities in software? (3)
Answer
-
Scalar type declaration
-
Cross-site scripting (XSS)
-
Bounded context
-
Authentication bypass (or broken authentication)
-
False vacuum theory
-
Injection flaws
Question 2
Question
Is it possible to output form fields dynamically (e.g. with JavaScript) in an action? (1)
Answer
-
This is not possible for security reasons
-
This is possible, but requires the addition of an annotation @dontverifyrequesthash to the target action
-
This is possible, but requires the addition of an annotation @ignorevalidation to the target action
-
This is possible, but requires the addition of an annotation @dontvalidate to the target action
-
This is possible by activating the TypoScript option persistence.enableDynamicForms
Question 3
Question
Which of the following ViewHelpers check whether a frontend user is logged-in and is a member of the group
“news” (UID = 5)? (2)
Answer
-
<f:if condition="{TSFE.loginUser.group == 5}">.
-
<f:security.ifHasRole role="5">
-
<f:security.ifHasRole role="news">
-
<f:security.ifAuthenticated>
-
<f:security.loginUser group_id="5">
Question 4
Question
Which statements about security in Fluid are correct? (2)
Answer
-
Fluid applies htmlspecialchars() when HTML content of a variable is output
-
Fluid automatically removes all HTML tags if the content of a variable contains HTML code
-
To protect users against XSS attacks, an exception is triggered if a variable contains HTML code
-
The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered
-
All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for security reasons
Question 5
Question
What is the purpose of the “FormProtectionFactory”? (1)
Answer
-
Protection against SQL injections
-
Protection against man-in-the-middle attacks
-
Protection against cross-site scripting (XSS) attacks
-
Protection against cookie theft
-
Protection against cross-site request forgery (CSRF)
Question 6
Question
Which methods sanitize variables for the QueryBuilder and make the value SQL injection safe for prepared statements? (3)
Answer
-
The method quoteIdentifier()
-
The method quoteIdentifiers()
-
The method sanitizeValue()
-
The method createNamedParameter()
-
The method secureQuery()
Want to create your own Quizzes for free with GoConqr? Learn more.