Which type of attack tries multiple combinations of credentials to gain unauthorized access and can be detected through security testing?
- Brute Force Attack
- Cross-Site Scripting
- Phishing Attack
- SQL Injection
A Brute Force Attack involves cybercriminals systematically attempting all possible combinations of passwords or encryption keys until the correct one is found. Through security testing, repeated failed login attempts or unusual system calls can be detected, signifying potential brute force attempts.
Consider you are a security tester for a new web application. You identify a potential vulnerability that allows for data injection into the system. What type of vulnerability have you likely found?
- Buffer Overflow
- Cross-site Scripting (XSS)
- Distributed Denial of Service (DDoS)
- SQL Injection
SQL Injection is a type of vulnerability that allows attackers to inject malicious SQL code into an application, thereby gaining unauthorized access to a database and fetching/altering its contents. While XSS and Buffer Overflows are vulnerabilities, they aren't typically associated with direct data injection into databases.
Imagine you've implemented CI/CD in your project, and the build breaks often, causing delays. What steps can be taken to minimize the build breakages and ensure seamless integration?
- Adopt a trunk-based development approach
- Increase manual testing efforts
- Limit the frequency of commits
- Prioritize fixing broken builds
Prioritizing fixing broken builds ensures that whenever a build breaks, it becomes the top priority for the team to address. Resolving build issues immediately reduces the chances of compounded issues later on. This practice creates a culture of accountability and immediate feedback, ensuring that the CI/CD process remains smooth and that broken builds are addressed promptly.
How does cyclomatic complexity assist in white-box testing?
- Assesses risk in code logic
- Counts number of defects
- Determines code coverage needs
- Measures code readability
Cyclomatic complexity, introduced by Thomas McCabe, quantifies the complexity of a program by calculating the number of linearly independent paths through the source code. A higher cyclomatic value indicates a complex program with many branches, which may require more extensive testing to ensure each path is evaluated. It aids testers in assessing risks associated with the intricate logic of the code.
As a network administrator, you receive a report from your vulnerability scanner that a certain service is running on an open port which shouldn't be. What immediate action should be considered?
- Disable the service
- Increase firewall settings
- Monitor network traffic
- Run a malware scan
Disabling the service is the immediate action to consider when an unauthorized service is running on an open port. This will prevent potential exploitation while the situation is further assessed. Running a malware scan is important, but the immediate threat is mitigated by stopping the service.
Functional testing for mobile apps often includes validating the app's _______ to ensure they produce the desired outcomes.
- colors
- developers
- features
- sizes
Functional testing aims to validate the app's features by ensuring they function according to specified requirements. It verifies each function of the software application by feeding it input and examining the output.
In Selenium, to automate browser interactions, testers use the _______ to write test scripts.
- JUnit
- Maven
- TestNG
- WebDriver
Selenium provides a tool named WebDriver, which allows testers to write scripts that can automate browser interactions. WebDriver provides a simple API to interact with browsers, making it easier for testers to create automation scripts for web applications without having to know intricate browser details.
When assessing the colors, fonts, and images in an application to ensure a positive user experience, which type of testing are you most likely conducting?
- Compatibility Testing
- GUI Testing
- Load Testing
- Security Testing
GUI (Graphical User Interface) Testing primarily focuses on the visual aspects of an application, ensuring that the colors, fonts, images, and other UI elements are presented correctly and provide a positive and consistent user experience. This helps in making the application visually appealing and user-friendly.
Which advanced black-box testing technique involves testing the application by understanding its functionality and without knowing its internal structures?
- Equivalence Partitioning
- Exploratory Testing
- Functional Testing
- Gray Box Testing
Gray Box Testing is an advanced testing method where the tester has partial knowledge of an application's internal workings. The tester understands the application's functionality but doesn't delve deep into its internal structures, making it a blend of black-box and white-box testing.
A(n) _______ is a formal type of review where the reviewers are selected based on their expertise, and the process is well-defined.
- Ad-hoc review
- Inspection
- Pair Programming
- Walkthrough
An inspection is a formal type of review wherein the process is structured and predetermined. The reviewers are chosen for their specific expertise and are required to go through the material thoroughly. It's more formal than other types of reviews like walkthroughs.