Home » Quiz » Page 1665

Describe the role of Subresource Integrity (SRI) in preventing XSS attacks.

  • Encrypts sensitive user information
  • Enforces Same-Origin Policy
  • Ensures secure transmission of data
  • Validates and verifies external scripts
Subresource Integrity (SRI) is a security feature that helps prevent XSS attacks by ensuring the integrity of external scripts, validating and verifying that they haven't been tampered with.
Discuss it

How can input sanitization be ineffective against certain advanced XSS attacks?

  • By encoding payloads
  • By exploiting browser vulnerabilities
  • By using Content Security Policy (CSP)
  • By using client-side validation
Advanced XSS attacks may bypass input sanitization through techniques like exploiting browser vulnerabilities, making sanitization ineffective in preventing such attacks.
Discuss it

What is the key difference between Stored XSS and Reflected XSS attacks?

  • Reflected XSS involves non-persistent injection
  • Reflected XSS targets the client-side
  • Stored XSS involves persistent injection
  • Stored XSS targets the server-side
Stored XSS involves the injection of malicious scripts that persist on the target, whereas Reflected XSS involves non-persistent injection and reflects the payload back to the user.
Discuss it

What is the significance of using HttpOnly cookies in the context of XSS prevention?

  • They are encrypted during transmission
  • They can only be accessed via HTTP
  • They cannot be accessed by JavaScript
  • They have a longer expiration time
HttpOnly cookies cannot be accessed by JavaScript, making them more secure against XSS attacks as malicious scripts won't have access to sensitive cookie information.
Discuss it

What mechanism does WebSocket use to achieve full-duplex communication?

  • Long Polling
  • Polling
  • Request-Response
  • WebSocket uses its own protocol
WebSocket achieves full-duplex communication by using its own protocol, which enables bidirectional communication between the client and the server in real-time without the need for constant polling.
Discuss it

How are WebSocket connections initiated in the context of a servlet-based web application?

  • They are automatically established when the web application starts.
  • They are initiated through a dedicated WebSocket servlet.
  • They are initiated using the openConnection() method.
  • They require manual configuration in the web.xml file.
WebSocket connections in a servlet-based web application are initiated through a dedicated WebSocket servlet, which is configured to handle WebSocket communication.
Discuss it

What is the role of @ServerEndpoint annotation in Java WebSocket API?

  • It configures the server's endpoint settings.
  • It defines the client's endpoint in a WebSocket connection.
  • It handles exceptions during WebSocket communication.
  • It marks a class as a WebSocket endpoint.
The @ServerEndpoint annotation in Java WebSocket API is used to mark a class as a WebSocket endpoint, allowing the class to handle WebSocket communication on the server side.
Discuss it

How does the WebSocket protocol handle message framing compared to HTTP?

  • Messages are framed using JSON format.
  • Messages are framed using XML format.
  • Messages are framed using headers and payload.
  • Messages are not framed; they are sent as a continuous stream.
The WebSocket protocol handles message framing by using headers and payload, unlike HTTP, where messages are not framed, and they are sent as a continuous stream.
Discuss it

In the context of servlets, what is a key difference between HTTP and WebSocket protocols?

  • Connectionless protocol
  • Full-duplex communication
  • Request-Response model
  • Stateless communication
A key difference between HTTP and WebSocket protocols is that WebSocket enables full-duplex communication, allowing both the client and server to send messages independently in real-time.
Discuss it

Which Java API is used for creating WebSocket applications in Java EE?

  • java.socket
  • java.web
  • javax.communication
  • javax.websocket
The javax.websocket API is used for creating WebSocket applications in Java EE, providing classes and interfaces to work with the WebSocket protocol.
Discuss it

What is the primary purpose of using WebSockets in web applications?

  • Batch processing
  • File storage
  • Real-time communication
  • Static content delivery
The primary purpose of WebSockets in web applications is to enable real-time communication between the client and server, allowing for interactive and dynamic updates without the need for constant polling.
Discuss it

In a scenario where a user's session cookies are stolen via XSS, what security measures could have prevented this?

  • Cross-Site Request Forgery (CSRF) Token
  • Data Encryption
  • HttpOnly Cookies
  • Multi-Factor Authentication (MFA)
The use of HttpOnly Cookies, which cannot be accessed by JavaScript, is a security measure that could have prevented the theft of session cookies via XSS. By restricting access, the impact of XSS attacks on session data can be mitigated.
Discuss it