During a security audit, a tester is able to execute a script in the database input field. What type of vulnerability does this indicate?
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Insecure Direct Object References (IDOR)
- SQL Injection
The ability to execute a script in the database input field points to a SQL Injection vulnerability, where malicious SQL queries can be injected and executed.
In complex web services, how does WSDL handle multiple service endpoints?
- WSDL allows the definition of multiple service endpoints in the same document
- WSDL can't handle multiple endpoints in complex web services
- WSDL supports multiple endpoints by creating separate documents for each
- WSDL uses a single default endpoint for all services
WSDL allows the definition of multiple service endpoints in the same document, providing flexibility in handling complex web services.
How does a stub differ from a mock in integration testing?
- A mock is a complete, functional implementation of a component
- A mock is only used in object-oriented programming
- A stub is a simplified implementation of a component with fixed behavior
- A stub is used for unit testing, while a mock is used for integration testing
In integration testing, a stub is a simplified version of a component with predetermined behavior, while a mock is a complete, functional implementation with expected behavior.
_______ is a constraint of RESTful services that dictates the simplicity of the interface provided to services.
- HATEOAS
- Idempotence
- Statelessness
- Uniform Interface
In REST, the Uniform Interface constraint emphasizes a simple and consistent interface for services, promoting ease of use and understanding.
For deleting a resource in REST, what HTTP method is implemented?
- DELETE
- PATCH
- POST
- PUT
The DELETE method in REST is used to delete a resource. It requests the removal of the specified resource, and the operation is idempotent, meaning that subsequent requests have no additional effect once the resource is deleted.
What is the role of a 'Pod' in Kubernetes?
- A collection of multiple containers sharing the same network namespace
- A configuration file defining Kubernetes deployment settings
- A high-level Kubernetes resource for managing persistent data storage
- The smallest unit in the Kubernetes object model, representing a single instance of a running process
In Kubernetes, a Pod is the smallest unit; it represents a single instance of a running process and can contain one or more containers.
_________ encryption uses the same key for encryption and decryption.
- Asymmetric
- Private
- Public
- Symmetric
Symmetric encryption utilizes the same key for both the encryption and decryption processes.
The process of refreshing JWTs for continued authentication is known as token _______.
- Reauthentication
- Renewal
- Revocation
- Rotation
The process of refreshing JWTs for continued authentication is known as token rotation.
How does SOAP handle security compared to REST?
- REST relies on digital signatures for secure communication
- REST uses HTTPS for secure communication
- SOAP employs WS-Security for secure communication
- SOAP relies on API keys for security
SOAP, in comparison to REST, handles security through standards like WS-Security. This includes features such as encryption, digital signatures, and authentication mechanisms, providing a comprehensive approach to secure communication between web services.
In complex web service architectures, XML _______ is used for defining the message exchange patterns.
- Blueprint
- Protocol
- Schema
- Specification
In complex web service architectures, XML Schema is used for defining the message exchange patterns.