1. What is a security misconfiguration?
A) A type of encryption method
B) A vulnerability caused by improper security settings
C) A secure way to configure servers
D) A method to bypass firewalls
Answer: B) A vulnerability caused by improper security settings
Explanation: Security misconfiguration occurs when security settings are left at default, improperly configured, or missing, leading to vulnerabilities.
2. Which of the following is an example of a security misconfiguration?
A) Using HTTPS for all communication
B) Leaving default credentials enabled on an application
C) Implementing role-based access control (RBAC)
D) Applying patches regularly
Answer: B) Leaving default credentials enabled on an application
Explanation: Default credentials (e.g., admin/admin) can be exploited by attackers if not changed, leading to unauthorized access.
3. What is the OWASP ranking for Security Misconfigurations in the OWASP Top 10 (2021)?
A) 1st
B) 2nd
C) 5th
D) 10th
Answer: C) 5th
Explanation: Security misconfiguration is ranked 5th in the OWASP Top 10 (2021), highlighting its widespread impact.
4. Which security misconfiguration is commonly found in cloud environments?
A) Unencrypted storage
B) Misconfigured IAM roles
C) Open S3 buckets
D) All of the above
Answer: D) All of the above
Explanation: Cloud security misconfigurations include unencrypted storage, overly permissive IAM roles, and open S3 buckets, exposing sensitive data.
5. Which of the following is NOT a common cause of security misconfiguration?
A) Lack of security testing
B) Default settings left unchanged
C) Secure coding practices
D) Poorly configured permissions
Answer: C) Secure coding practices
Explanation: Secure coding helps prevent vulnerabilities, whereas misconfigurations arise due to poor security practices, default settings, and lack of testing.
6. How can attackers exploit misconfigured error handling?
A) By injecting SQL commands
B) By triggering verbose error messages to gain system insights
C) By bypassing authentication
D) By sending phishing emails
Answer: B) By triggering verbose error messages to gain system insights
Explanation: Misconfigured error messages may reveal stack traces, database queries, or sensitive file locations, aiding attackers.
7. What is the risk of having directory listing enabled on a web server?
A) Attackers can view sensitive files and directories
B) It improves performance
C) It speeds up file uploads
D) It secures API endpoints
Answer: A) Attackers can view sensitive files and directories
Explanation: Directory listing allows unauthorized users to browse server files, exposing sensitive configurations or code.
8. Why is using default database credentials a serious risk?
A) It allows unauthorized access to databases
B) It speeds up development
C) It reduces server load
D) It enables efficient logging
Answer: A) It allows unauthorized access to databases
Explanation: Attackers can easily guess default credentials (e.g., root/admin), leading to full database compromise.
9. Which misconfiguration can allow unauthorized users to access an admin panel?
A) Using strong passwords
B) Exposing admin panels without access control
C) Disabling verbose error messages
D) Implementing multi-factor authentication
Answer: B) Exposing admin panels without access control
Explanation: Admin panels should be restricted by IP, protected with strong authentication, and hidden when possible.
10. How can unnecessary services running on a server pose a security risk?
A) They increase attack surface
B) They improve performance
C) They make auditing easier
D) They enhance user experience
Answer: A) They increase attack surface
Explanation: Unused services may contain unpatched vulnerabilities, providing attackers with additional entry points.
11. What should be done to secure default configurations in web applications?
A) Leave them unchanged
B) Harden security settings and disable unnecessary features
C) Use only open-source software
D) Set up a firewall
Answer: B) Harden security settings and disable unnecessary features
Explanation: Hardening configurations involves changing default credentials, disabling unused features, and applying least privilege access.
12. Which of the following is an example of a misconfigured Content Security Policy (CSP)?
A) Blocking inline scripts
B) Allowing scripts from any source (*)
C) Restricting scripts to a specific domain
D) Enabling HTTPS for all resources
Answer: B) Allowing scripts from any source (*)
Explanation: A poorly configured CSP (e.g., allowing * as a source) permits malicious scripts to be executed, leading to XSS attacks.
13. What is a common security misconfiguration in API security?
A) Using JSON for data transfer
B) Allowing unrestricted CORS policies
C) Implementing OAuth2 authentication
D) Enforcing rate limiting
Answer: B) Allowing unrestricted CORS policies
Explanation: Overly permissive CORS settings (Access-Control-Allow-Origin: *) can expose APIs to cross-origin attacks.
14. How can unpatched software lead to security misconfigurations?
A) It prevents users from accessing the system
B) It introduces known vulnerabilities that attackers can exploit
C) It improves network speed
D) It reduces CPU load
Answer: B) It introduces known vulnerabilities that attackers can exploit
Explanation: Unpatched systems may contain known vulnerabilities with publicly available exploits, allowing attackers to gain access.
15. Why is enabling “Auto-Indexing” on a web server a risk?
A) It slows down the server
B) It exposes all files and directories to attackers
C) It prevents users from accessing files
D) It improves SEO
Answer: B) It exposes all files and directories to attackers
Explanation: Auto-indexing allows attackers to view and download sensitive files, exposing credentials and code.
16. What should be done with default admin accounts on a system?
A) Keep them enabled for backup access
B) Rename, disable, or remove them
C) Share credentials among team members
D) Use them as primary admin accounts
Answer: B) Rename, disable, or remove them
Explanation: Default admin accounts are often targeted in brute-force attacks and should be disabled or renamed.
17. Which of the following is a secure practice when configuring error handling?
A) Display detailed errors to all users
B) Log errors internally but show generic messages externally
C) Disable error logging
D) Allow users to see full stack traces
Answer: B) Log errors internally but show generic messages externally
Explanation: Detailed error messages can reveal sensitive information, so they should be logged internally while showing generic messages to users.
18. What is the primary risk of misconfigured logging?
A) Logs consume excessive disk space
B) Logs may contain sensitive data like passwords
C) Logs slow down the server
D) Logs improve security
Answer: B) Logs may contain sensitive data like passwords
Explanation: Logs should never store sensitive data in plaintext to prevent credential leaks.
19. How can cloud security misconfigurations be prevented?
A) Regularly reviewing IAM policies
B) Leaving storage buckets open
C) Using weak encryption
D) Disabling security logging
Answer: A) Regularly reviewing IAM policies
Explanation: Regularly auditing IAM roles, permissions, and access controls reduces the risk of cloud misconfigurations.
20. What is the best way to test for security misconfigurations?
A) Performing penetration tests and security audits
B) Ignoring security warnings
C) Using only default configurations
D) Avoiding software updates
Answer: A) Performing penetration tests and security audits
Explanation: Regular penetration testing, vulnerability assessments, and security audits help detect and remediate misconfigurations.
21. Which of the following is an example of an insecure default configuration?
A) Enabling firewall rules to restrict access
B) Changing the default admin username and password
C) Leaving a database open to public access
D) Encrypting all data at rest
Answer: C) Leaving a database open to public access
Explanation: Databases with open public access expose sensitive information, allowing unauthorized users to steal or modify data.
22. What is the impact of failing to restrict access to configuration files?
A) Attackers can modify security settings
B) It improves system performance
C) It prevents DoS attacks
D) It has no security implications
Answer: A) Attackers can modify security settings
Explanation: Configuration files often contain sensitive information such as credentials, API keys, and system settings. If exposed, attackers can manipulate them.
23. Which of the following tools is commonly used to detect security misconfigurations in web applications?
A) Wireshark
B) Nmap
C) Burp Suite
D) Metasploit
Answer: C) Burp Suite
Explanation: Burp Suite is a popular tool used for web application security testing, including detecting security misconfigurations like open directories, default credentials, and weak security policies.
24. Why should default sample files and scripts be removed from a web server?
A) They slow down the server
B) They can contain vulnerabilities or expose sensitive information
C) They prevent XSS attacks
D) They are required for debugging
Answer: B) They can contain vulnerabilities or expose sensitive information
Explanation: Default sample files can reveal server configurations, database connections, or admin credentials, making them a security risk.
25. Which HTTP method should typically be disabled or restricted to prevent security risks?
A) GET
B) POST
C) DELETE
D) TRACE
Answer: D) TRACE
Explanation: The TRACE method can be exploited in cross-site tracing (XST) attacks, which can reveal sensitive user data.
26. What is a security risk of leaving unused ports open on a server?
A) Increased power consumption
B) More attack surface for potential exploits
C) Slower network speed
D) It prevents SQL Injection attacks
Answer: B) More attack surface for potential exploits
Explanation: Open ports can expose unnecessary services, increasing the attack surface for malicious actors.
27. Why is it dangerous to store API keys in public repositories?
A) Attackers can use them to gain unauthorized access
B) It improves application performance
C) It makes debugging easier
D) API keys are not sensitive information
Answer: A) Attackers can use them to gain unauthorized access
Explanation: API keys stored in public repositories (e.g., GitHub) can be stolen and used for unauthorized access to applications or services.
28. What is the best way to prevent accidental exposure of sensitive configuration files?
A) Store them in publicly accessible folders
B) Use access controls and restrict permissions
C) Keep them in plaintext for easy reference
D) Disable encryption
Answer: B) Use access controls and restrict permissions
Explanation: Proper file permissions and access controls prevent unauthorized access to sensitive configuration files.
29. What is the risk of enabling debug mode in production?
A) It slows down the server
B) It exposes sensitive information in error messages
C) It improves website performance
D) It prevents SQL Injection attacks
Answer: B) It exposes sensitive information in error messages
Explanation: Debug mode in production can expose database queries, stack traces, and system configurations, making it easier for attackers to exploit.
30. Why should directory traversal vulnerabilities be mitigated?
A) They allow attackers to access restricted files
B) They make websites load faster
C) They improve logging capabilities
D) They are required for debugging
Answer: A) They allow attackers to access restricted files
Explanation: Directory traversal attacks allow attackers to access files outside of the intended directory, potentially exposing sensitive system files.
31. What is a major risk of misconfigured Cross-Origin Resource Sharing (CORS)?
A) Attackers can execute remote code
B) Attackers can steal authentication tokens from users
C) Attackers can perform SQL injection
D) It prevents data encryption
Answer: B) Attackers can steal authentication tokens from users
Explanation: A misconfigured CORS policy (e.g., Access-Control-Allow-Origin: *) allows attackers to make unauthorized API calls on behalf of users.
32. Why should unnecessary HTTP headers be removed from server responses?
A) To prevent attackers from gathering information about the server
B) To speed up web page loading times
C) To improve SEO rankings
D) To reduce firewall rules
Answer: A) To prevent attackers from gathering information about the server
Explanation: Headers like “X-Powered-By” reveal server and framework versions, helping attackers identify vulnerabilities.
33. What happens if improper permissions are set on sensitive system files?
A) Attackers may modify or delete system files
B) The system becomes faster
C) It helps users access the files easily
D) It improves network security
Answer: A) Attackers may modify or delete system files
Explanation: Weak file permissions allow unauthorized users to modify critical system files, potentially leading to privilege escalation attacks.
34. Which of the following is a best practice for securing administrative dashboards?
A) Allow public access
B) Implement IP whitelisting and MFA
C) Remove authentication requirements
D) Use default credentials
Answer: B) Implement IP whitelisting and MFA
Explanation: IP whitelisting and multi-factor authentication (MFA) add extra layers of security to admin panels.
35. What is a common security misconfiguration in database security?
A) Enabling strict access control policies
B) Allowing remote access without authentication
C) Using encrypted backups
D) Regularly updating database software
Answer: B) Allowing remote access without authentication
Explanation: Databases should require authentication and restrict remote access to prevent unauthorized connections.
36. What is an effective way to secure log files?
A) Storing them in world-readable directories
B) Encrypting and restricting access to logs
C) Deleting logs every hour
D) Keeping logs in plaintext
Answer: B) Encrypting and restricting access to logs
Explanation: Logs should be protected with proper access controls and encryption to prevent tampering or exposure of sensitive data.
37. How can security misconfigurations in cloud environments be detected?
A) By using automated security scanning tools
B) By ignoring security alerts
C) By disabling logging
D) By using weak passwords
Answer: A) By using automated security scanning tools
Explanation: Security scanning tools like AWS Security Hub, Azure Security Center, and GCP Security Command Center detect misconfigurations.
38. What is the risk of using outdated dependencies in an application?
A) It improves performance
B) It introduces known security vulnerabilities
C) It speeds up development
D) It has no impact on security
Answer: B) It introduces known security vulnerabilities
Explanation: Outdated dependencies may contain known security flaws that attackers can exploit.
39. What security misconfiguration could allow attackers to brute-force login credentials easily?
A) Implementing MFA
B) Enabling rate-limiting and account lockouts
C) Allowing unlimited login attempts without rate limiting
D) Using strong passwords
Answer: C) Allowing unlimited login attempts without rate limiting
Explanation: Rate limiting and account lockout policies prevent brute-force attacks.
40. How can organizations continuously monitor for security misconfigurations?
A) Perform regular security audits and compliance checks
B) Disable logging
C) Ignore vulnerability reports
D) Use outdated security tools
Answer: A) Perform regular security audits and compliance checks
Explanation: Regular security audits, penetration testing, and compliance reviews help detect and fix misconfigurations.
41. What is the primary risk of exposing application source code in a public repository?
A) Slower application performance
B) Attackers can analyze and find vulnerabilities
C) It improves developer collaboration
D) It helps with debugging
Answer: B) Attackers can analyze and find vulnerabilities
Explanation: Exposed source code allows attackers to identify security flaws, hardcoded credentials, and exploit vulnerabilities.
42. Why is it important to remove default test accounts from production systems?
A) They improve system performance
B) They can be exploited by attackers for unauthorized access
C) They help developers debug issues in production
D) They are required for auditing
Answer: B) They can be exploited by attackers for unauthorized access
Explanation: Test accounts often have weak security controls and can be exploited if left active in production.
43. What is a common security misconfiguration in API gateways?
A) Enforcing strong authentication and rate limiting
B) Exposing internal services to the public internet without access control
C) Logging all API requests securely
D) Using HTTPS for all API communications
Answer: B) Exposing internal services to the public internet without access control
Explanation: API misconfigurations can expose sensitive endpoints, allowing unauthorized access or data leaks.
44. What happens if session timeout values are too long?
A) Users experience better performance
B) Attackers have more time to hijack active sessions
C) Users do not need to re-authenticate frequently
D) It improves website speed
Answer: B) Attackers have more time to hijack active sessions
Explanation: Long session timeouts increase the risk of session hijacking, especially if users leave their sessions open.
45. Why should unused user accounts be disabled or removed?
A) To reduce system storage
B) To prevent unauthorized access through inactive accounts
C) To improve network speed
D) To keep logs smaller
Answer: B) To prevent unauthorized access through inactive accounts
Explanation: Unused accounts are prime targets for attackers who can use them for privilege escalation or lateral movement.
46. What is a security risk of weak encryption settings?
A) Data can be intercepted and decrypted by attackers
B) It makes system performance faster
C) It prevents phishing attacks
D) It increases user accessibility
Answer: A) Data can be intercepted and decrypted by attackers
Explanation: Weak encryption (e.g., using outdated algorithms like MD5 or DES) can be cracked, exposing sensitive data.
47. What is the best way to protect sensitive application logs?
A) Store them in public directories
B) Encrypt logs and restrict access
C) Keep them readable to all users for debugging
D) Delete logs after a short period
Answer: B) Encrypt logs and restrict access
Explanation: Logs should be encrypted and accessible only to authorized personnel to prevent data leaks and tampering.
48. What is a common misconfiguration in Identity and Access Management (IAM) settings?
A) Assigning least privilege access
B) Granting broad permissions instead of role-based access control (RBAC)
C) Enforcing MFA for all users
D) Regularly auditing IAM policies
Answer: B) Granting broad permissions instead of role-based access control (RBAC)
Explanation: Overly permissive IAM policies can lead to unauthorized access and privilege escalation.
49. What is the risk of running applications with excessive privileges?
A) It allows attackers to execute arbitrary commands with high privileges
B) It speeds up execution
C) It makes debugging easier
D) It improves performance
Answer: A) It allows attackers to execute arbitrary commands with high privileges
Explanation: Applications should follow the principle of least privilege to minimize the risk of exploitation.
50. Why is it important to secure environment variables in cloud applications?
A) They contain sensitive information like API keys and database credentials
B) They improve application speed
C) They help with debugging
D) They have no impact on security
Answer: A) They contain sensitive information like API keys and database credentials
Explanation: Exposed environment variables can lead to data breaches if they contain sensitive information.
51. What is a security misconfiguration related to email servers?
A) Enabling SPF, DKIM, and DMARC
B) Allowing open relay for sending emails
C) Restricting unauthorized email forwarding
D) Using encrypted email transmission
Answer: B) Allowing open relay for sending emails
Explanation: Open email relays allow spammers and attackers to send emails through your server, leading to email spoofing and abuse.
52. Why is it a bad practice to allow unlimited file uploads without validation?
A) It can lead to denial-of-service (DoS) attacks
B) Attackers can upload malicious scripts
C) It can consume excessive storage
D) All of the above
Answer: D) All of the above
Explanation: Unrestricted file uploads can result in malware execution, DoS attacks, and excessive resource consumption.
53. What is the risk of exposing database ports (e.g., MySQL, PostgreSQL) to the public internet?
A) Unauthorized access and data exfiltration
B) Increased performance
C) Improved database replication
D) Easier remote debugging
Answer: A) Unauthorized access and data exfiltration
Explanation: Database services should be restricted to internal networks and not exposed publicly.
54. What is a common security misconfiguration in cloud storage (e.g., AWS S3, Azure Blob Storage)?
A) Publicly accessible storage buckets
B) Enforcing encryption at rest
C) Implementing IAM roles for access control
D) Enabling logging and monitoring
Answer: A) Publicly accessible storage buckets
Explanation: Publicly accessible storage can expose sensitive files, leading to data breaches.
55. Why should debug mode be disabled in production?
A) It reveals application errors and sensitive details
B) It slows down performance
C) It prevents brute-force attacks
D) It reduces disk space usage
Answer: A) It reveals application errors and sensitive details
Explanation: Debug mode in production exposes stack traces, database queries, and API keys, which attackers can exploit.
56. What should be done to protect against Clickjacking attacks?
A) Use the X-Frame-Options HTTP header
B) Disable JavaScript
C) Block all cookies
D) Use CAPTCHA for authentication
Answer: A) Use the X-Frame-Options HTTP header
Explanation: Clickjacking tricks users into clicking on invisible elements, which can be prevented using X-Frame-Options or Content Security Policy (CSP).
57. Why is it important to disable unused plugins and extensions in applications?
A) They may contain vulnerabilities that can be exploited
B) They make applications faster
C) They improve security by default
D) They prevent DDoS attacks
Answer: A) They may contain vulnerabilities that can be exploited
Explanation: Unused or outdated plugins can introduce security vulnerabilities, increasing the attack surface.
58. What is a risk of using wildcard (*) permissions in access control policies?
A) It allows unauthorized access to sensitive data
B) It simplifies configuration
C) It prevents SQL Injection attacks
D) It reduces the need for security updates
Answer: A) It allows unauthorized access to sensitive data
Explanation: Wildcard permissions (*) grant broad access, which can be exploited by attackers.
59. Why should database query results be limited when possible?
A) To prevent enumeration attacks and data leakage
B) To speed up performance
C) To reduce API calls
D) To improve debugging
Answer: A) To prevent enumeration attacks and data leakage
Explanation: Limiting query results prevents attackers from dumping excessive amounts of data.
60. What is the best way to detect and fix security misconfigurations in an environment?
A) Conducting regular security audits and automated scanning
B) Ignoring security warnings
C) Using only default settings
D) Allowing unlimited access to all services
Answer: A) Conducting regular security audits and automated scanning
Explanation: Regular security assessments and automated scanning tools help detect and fix misconfigurations proactively.
61. What is a major security risk when using default SNMP community strings?
A) Attackers can gain unauthorized access to network devices
B) It speeds up network performance
C) It allows secure remote access
D) It improves logging capabilities
Answer: A) Attackers can gain unauthorized access to network devices
Explanation: Simple Network Management Protocol (SNMP) uses default community strings like “public” and “private,” which can be exploited if not changed.
62. Which of the following is an insecure web server configuration?
A) Enabling HTTP Strict Transport Security (HSTS)
B) Allowing directory listing
C) Disabling unused ports
D) Restricting file access permissions
Answer: B) Allowing directory listing
Explanation: Directory listing allows attackers to browse server files, potentially revealing sensitive information.
63. What is the primary security risk of enabling anonymous FTP access?
A) Attackers can upload or download files without authentication
B) It reduces latency
C) It makes website deployment faster
D) It prevents malware uploads
Answer: A) Attackers can upload or download files without authentication
Explanation: Anonymous FTP access lets anyone connect to the server without credentials, making it easy for attackers to steal or plant malicious files.
64. What is a common misconfiguration in web application firewalls (WAF)?
A) Blocking known attack patterns
B) Leaving the WAF in logging-only mode
C) Enforcing input validation
D) Implementing strict rules for SQL Injection
Answer: B) Leaving the WAF in logging-only mode
Explanation: A WAF in logging-only mode does not actively block attacks, leaving applications vulnerable.
65. What type of security misconfiguration can lead to unauthorized access to cloud storage?
A) Using strong encryption
B) Making storage buckets publicly accessible
C) Implementing least privilege access control
D) Enabling multi-factor authentication (MFA)
Answer: B) Making storage buckets publicly accessible
Explanation: Publicly accessible cloud storage (like AWS S3, Google Cloud Storage) allows unauthorized access to sensitive data.
66. What is the risk of failing to update default firewall rules?
A) Attackers may exploit open ports and default allow rules
B) It prevents network congestion
C) It speeds up internet browsing
D) It enhances remote access
Answer: A) Attackers may exploit open ports and default allow rules
Explanation: Leaving default firewall rules enabled can allow unnecessary traffic, increasing the attack surface.
67. Why is allowing HTTP access instead of HTTPS a security risk?
A) Data is transmitted in plaintext, making it vulnerable to interception
B) It slows down website performance
C) It prevents SQL injection
D) It reduces server load
Answer: A) Data is transmitted in plaintext, making it vulnerable to interception
Explanation: HTTP does not encrypt traffic, making it susceptible to man-in-the-middle (MITM) attacks.
68. What is a common misconfiguration in container security?
A) Running containers as root
B) Using namespaces for isolation
C) Enforcing signed container images
D) Restricting container network access
Answer: A) Running containers as root
Explanation: Running containers as root increases the risk of privilege escalation if the container is compromised.
69. Why is enabling verbose logging in production environments a security risk?
A) It may reveal sensitive information such as database queries and credentials
B) It helps with debugging
C) It improves website performance
D) It prevents DDoS attacks
Answer: A) It may reveal sensitive information such as database queries and credentials
Explanation: Verbose logs may expose sensitive data, aiding attackers in reconnaissance.
70. Which of the following is an insecure practice when configuring a password policy?
A) Enforcing password complexity requirements
B) Allowing password reuse indefinitely
C) Implementing multi-factor authentication (MFA)
D) Enforcing minimum password length
Answer: B) Allowing password reuse indefinitely
Explanation: Allowing users to reuse old passwords weakens security and increases the risk of credential-stuffing attacks.
71. What should be done to protect against SSH brute force attacks?
A) Disable password authentication and use SSH keys
B) Keep SSH open to all IPs
C) Allow root login via SSH
D) Use short, easy-to-remember passwords
Answer: A) Disable password authentication and use SSH keys
Explanation: Using SSH keys instead of passwords reduces the risk of brute-force attacks.
72. What is a security risk of using an outdated TLS/SSL protocol?
A) It can be exploited by attackers using downgrade attacks
B) It increases network speed
C) It prevents SQL injection
D) It improves authentication
Answer: A) It can be exploited by attackers using downgrade attacks
Explanation: Old TLS/SSL versions (e.g., SSL 3.0, TLS 1.0) contain vulnerabilities that allow MITM and downgrade attacks.
73. Why should unnecessary services be disabled on a web server?
A) To reduce the attack surface and prevent exploitation
B) To improve SEO rankings
C) To increase CPU usage
D) To make debugging easier
Answer: A) To reduce the attack surface and prevent exploitation
Explanation: Running unnecessary services increases the number of potential vulnerabilities.
74. What is a potential risk of using auto-generated default cryptographic keys?
A) They may be weak and predictable
B) They improve encryption strength
C) They reduce system load
D) They are better than user-generated keys
Answer: A) They may be weak and predictable
Explanation: Auto-generated keys that use weak random number generation can be easily guessed.
75. What is a security misconfiguration related to DNS?
A) Exposing internal DNS records
B) Using DNSSEC to prevent spoofing
C) Enabling DNS over HTTPS (DoH)
D) Restricting zone transfers
Answer: A) Exposing internal DNS records
Explanation: Exposed DNS records can reveal sensitive infrastructure details, aiding attackers in reconnaissance.
76. What is the risk of failing to configure proper CSP (Content Security Policy) settings?
A) Increased risk of Cross-Site Scripting (XSS) attacks
B) Faster page load times
C) Improved SEO rankings
D) Reduced authentication security
Answer: A) Increased risk of Cross-Site Scripting (XSS) attacks
Explanation: A weak CSP allows attackers to execute malicious scripts in a user’s browser.
77. What is a security risk of not restricting HTTP methods on a web server?
A) Attackers can perform unauthorized actions like DELETE or PUT
B) It improves API performance
C) It makes debugging easier
D) It prevents SQL injection
Answer: A) Attackers can perform unauthorized actions like DELETE or PUT
Explanation: Unrestricted HTTP methods allow attackers to modify, delete, or retrieve unauthorized data.
78. What is the risk of failing to monitor security logs regularly?
A) Attacks and breaches may go undetected
B) It reduces system storage usage
C) It prevents phishing attacks
D) It increases website speed
Answer: A) Attacks and breaches may go undetected
Explanation: Regular log monitoring helps detect suspicious activity and security incidents.
79. What is a security misconfiguration in access control lists (ACLs)?
A) Allowing overly permissive rules
B) Restricting access based on the principle of least privilege
C) Enforcing MFA
D) Applying IP whitelisting
Answer: A) Allowing overly permissive rules
Explanation: Overly permissive ACLs allow unauthorized users to access sensitive resources.
80. What should be done to prevent security misconfigurations in DevOps environments?
A) Use automated security scanning tools in CI/CD pipelines
B) Ignore security alerts
C) Use only default settings
D) Disable all authentication
Answer: A) Use automated security scanning tools in CI/CD pipelines
Explanation: Integrating security scanning tools into CI/CD pipelines helps detect misconfigurations early.
81. What is the risk of not setting proper permissions on cloud IAM roles?
A) Attackers can gain unauthorized access to cloud resources
B) It speeds up cloud performance
C) It reduces costs
D) It prevents API abuse
Answer: A) Attackers can gain unauthorized access to cloud resources
Explanation: Misconfigured IAM roles can allow attackers to escalate privileges or access sensitive data in the cloud.
82. Why should software components be reviewed before integration?
A) To identify security vulnerabilities and licensing issues
B) To improve software speed
C) To ensure high performance
D) To reduce development time
Answer: A) To identify security vulnerabilities and licensing issues
Explanation: Third-party libraries and dependencies may have vulnerabilities that could compromise security if not reviewed.
83. What is a security risk of hardcoding credentials in source code?
A) Attackers can retrieve them and gain unauthorized access
B) It makes authentication faster
C) It reduces network latency
D) It prevents phishing attacks
Answer: A) Attackers can retrieve them and gain unauthorized access
Explanation: Hardcoded credentials can be extracted from repositories or binaries, leading to unauthorized access.
84. What should be done to secure default database settings?
A) Change default credentials and restrict remote access
B) Keep all default settings
C) Allow anonymous database connections
D) Enable verbose logging
Answer: A) Change default credentials and restrict remote access
Explanation: Default database settings often include weak credentials and open ports, making them a common target for attacks.
85. What is a risk of enabling auto-complete on login forms?
A) It allows attackers to extract stored credentials from the browser
B) It speeds up user authentication
C) It prevents brute-force attacks
D) It enhances password security
Answer: A) It allows attackers to extract stored credentials from the browser
Explanation: Credentials saved by the browser can be read by anyone who gets hold of the user's profile, or by malware on the machine. Modern browsers largely ignore autocomplete="off" on password fields in favour of their own password managers, so this is a defence-in-depth measure for shared or kiosk devices rather than a strong control.
86. What security misconfiguration can lead to Cross-Site WebSocket Hijacking (CSWH)?
A) Allowing WebSockets to accept connections from any origin
B) Using strong authentication
C) Disabling insecure CORS policies
D) Enabling WebSockets over HTTPS
Answer: A) Allowing WebSockets to accept connections from any origin
Explanation: Misconfigured WebSockets can allow attackers to hijack user sessions and send unauthorized requests.
87. What is a best practice for securing system backups?
A) Encrypting them and storing them securely
B) Keeping them publicly accessible
C) Storing them in plaintext
D) Disabling backup functionality
Answer: A) Encrypting them and storing them securely
Explanation: Unencrypted backups can be stolen or exposed, leading to data breaches.
88. What should be done to prevent privilege escalation attacks?
A) Enforce the principle of least privilege
B) Grant administrative privileges to all users
C) Use shared administrative credentials
D) Disable user authentication
Answer: A) Enforce the principle of least privilege
Explanation: Limiting user permissions reduces the risk of privilege escalation attacks.
89. Why is it important to disable weak cipher suites in TLS settings?
A) Weak ciphers can be broken, compromising encrypted communications
B) It improves website speed
C) It prevents phishing attacks
D) It reduces system load
Answer: A) Weak ciphers can be broken, compromising encrypted communications
Explanation: Weak ciphers like RC4 and DES can be cracked, exposing sensitive data in transit.
90. What is a risk of exposing Kubernetes dashboards without authentication?
A) Attackers can control Kubernetes clusters
B) It improves container performance
C) It prevents API abuse
D) It speeds up deployment
Answer: A) Attackers can control Kubernetes clusters
Explanation: Exposed Kubernetes dashboards allow unauthorized access, enabling attackers to control workloads and steal data.
91. Why should unused user accounts be removed from systems?
A) To prevent unauthorized access and reduce the attack surface
B) To improve UI performance
C) To optimize server load
D) To simplify debugging
Answer: A) To prevent unauthorized access and reduce the attack surface
Explanation: Inactive user accounts can be targeted for unauthorized access, making them a security risk.
92. What is the security risk of using default SSL/TLS certificates?
A) Attackers can impersonate legitimate servers
B) It improves encryption speed
C) It prevents malware infections
D) It reduces server load
Answer: A) Attackers can impersonate legitimate servers
Explanation: Default certificates shipped with appliances or frameworks are self-signed or share one private key across every installation, so anyone with a copy of that key can impersonate the server and run a man-in-the-middle attack; replace them with certificates issued for the real hostname.
93. What is a misconfiguration risk in Continuous Integration/Continuous Deployment (CI/CD) pipelines?
A) Storing credentials in plaintext environment variables
B) Using security testing tools
C) Implementing automated code review
D) Enforcing MFA for pipeline access
Answer: A) Storing credentials in plaintext environment variables
Explanation: Storing plaintext credentials in CI/CD pipelines can lead to unauthorized access if leaked.
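Questions 83 and 93 both come down to secrets sitting in files that get committed or shipped. The following is an added example, not code from this quiz, of a minimal secret scanner run over a constructed snippet that mixes a settings.py and a CI variables file. The AWS key and secret in the sample are the placeholder values from AWS's own documentation; the GitHub token prefix rule and the generic "keyword = "value"" rule are heuristics, so treat the patterns as a starting point that a real pipeline would tune and extend.

```python
import re

# Credential shapes to look for. The AWS and GitHub prefixes are documented public
# formats; the generic assignment rule is a heuristic and needs an allow-list in practice.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # KEYWORD[_suffix] = "value"  or  KEYWORD[_suffix]: "value", quoted, at least 8 chars
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)[a-z0-9_]*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Obvious placeholders that would otherwise trip the generic rule.
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "<redacted>", "your_api_key"}


def scan_line(line):
    """Return a list of (pattern_name, secret_value) found on one line, de-duplicated by value."""
    hits, seen = [], set()
    for name, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(line):
            value = match.group(1) if name == "generic_assignment" else match.group(0)
            if value.lower() in PLACEHOLDERS or value in seen:
                continue
            seen.add(value)
            hits.append((name, value))
    return hits


def scan_source(text):
    """Scan multi-line text and return findings with 1-based line numbers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, value in scan_line(line):
            findings.append({"line": lineno, "type": name, "value": value})
    return findings


# Constructed sample: the kind of content that ends up committed by accident.
SAMPLE_SOURCE = """\
# settings.py
DB_HOST = "db.internal"
DB_PASSWORD = "Sup3rS3cretPassw0rd!"
SMTP_PASSWORD = "changeme"
# .gitlab-ci.yml
variables:
  AWS_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
  AWS_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  GITHUB_TOKEN: "ghp_0123456789abcdefghijABCDEFGHIJ012345"
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['type']} -> {f['value'][:6]}...")
```

Run as a pre-commit hook or a CI job, this fails the build on the four real findings and ignores the "changeme" placeholder; the GITHUB_TOKEN line is reported once even though two rules match it. The fix for a hit is the one question 93 implies: move the value into the CI system's masked secret store, rotate it, and reference it by name.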
94. Why should unused or unnecessary ports be closed on a system?
A) To reduce the number of possible attack vectors
B) To increase network speed
C) To improve database performance
D) To reduce firewall complexity
Answer: A) To reduce the number of possible attack vectors
Explanation: Open ports can be exploited to gain unauthorized access to services.
95. What is a risk of exposing system configuration files to public users?
A) Attackers can gain insight into system structure and potential weaknesses
B) It improves debugging
C) It enhances user experience
D) It prevents SQL Injection attacks
Answer: A) Attackers can gain insight into system structure and potential weaknesses
Explanation: System configuration files may contain sensitive information that can be exploited.
96. How does a security misconfiguration in identity providers (IdPs) affect authentication?
A) It can allow attackers to bypass authentication and gain unauthorized access
B) It speeds up login time
C) It improves single sign-on (SSO) functionality
D) It prevents account lockouts
Answer: A) It can allow attackers to bypass authentication and gain unauthorized access
Explanation: Misconfigurations in IdPs can lead to authentication bypass vulnerabilities.
97. What is the impact of not setting a security policy for third-party integrations?
A) Third-party services may introduce vulnerabilities or compromise data security
B) It improves API performance
C) It prevents phishing attacks
D) It optimizes server load
Answer: A) Third-party services may introduce vulnerabilities or compromise data security
Explanation: Unverified third-party integrations can introduce security flaws.
98. What is a common misconfiguration in CI/CD pipeline security?
A) Allowing scripts to run with unrestricted permissions
B) Restricting access to build environments
C) Implementing security scanning
D) Using encrypted credentials
Answer: A) Allowing scripts to run with unrestricted permissions
Explanation: CI/CD pipelines should enforce least privilege to prevent unauthorized modifications.
99. Why should software dependencies be regularly updated?
A) To patch security vulnerabilities in outdated libraries
B) To improve website speed
C) To reduce the size of application logs
D) To prevent SQL Injection attacks
Answer: A) To patch security vulnerabilities in outdated libraries
Explanation: Outdated dependencies often contain known vulnerabilities that attackers can exploit.
100. What is the risk of leaving unused APIs enabled?
A) Attackers can exploit undocumented or deprecated API endpoints
B) It improves application performance
C) It speeds up authentication
D) It enhances API availability
Answer: A) Attackers can exploit undocumented or deprecated API endpoints
Explanation: Unused APIs may contain unpatched vulnerabilities, allowing attackers to exploit them.
101. What is a common security misconfiguration in cloud environments?
A) Using multi-factor authentication (MFA)
B) Leaving storage buckets open to the public
C) Implementing strong encryption for all data
D) Regularly reviewing access logs
Answer: B) Leaving storage buckets open to the public
Explanation: Misconfigured cloud storage (e.g., AWS S3, Azure Blob Storage) can expose sensitive data, leading to breaches.
102. Why should default user accounts be disabled or removed?
A) They can be used by attackers for unauthorized access
B) They improve system performance
C) They simplify software updates
D) They allow easy debugging
Answer: A) They can be used by attackers for unauthorized access
Explanation: Default user accounts often have weak passwords and can be targeted in brute-force attacks.
103. What is a security risk of failing to update Content Management Systems (CMS) like WordPress?
A) Attackers can exploit known vulnerabilities to gain control
B) It slows down the website
C) It increases website traffic
D) It improves website SEO
Answer: A) Attackers can exploit known vulnerabilities to gain control
Explanation: Outdated CMS software may contain publicly known exploits, allowing attackers to gain unauthorized access.
104. What is the primary risk of failing to enforce API rate limiting?
A) Attackers can perform brute-force and Denial-of-Service (DoS) attacks
B) It improves API speed
C) It makes logging easier
D) It prevents phishing attacks
Answer: A) Attackers can perform brute-force and Denial-of-Service (DoS) attacks
Explanation: Without rate limiting, attackers can flood an API with requests, leading to service disruption or brute-force attacks.
105. Why should password hints be disabled in login mechanisms?
A) Attackers can use them to guess passwords
B) It improves the login experience
C) It increases password complexity
D) It speeds up authentication
Answer: A) Attackers can use them to guess passwords
Explanation: Password hints can provide clues that attackers can use to compromise accounts.
106. What is a security misconfiguration that allows attackers to bypass CAPTCHA?
A) Using weak CAPTCHA algorithms that can be solved by bots
B) Implementing strong authentication
C) Requiring multi-factor authentication
D) Encrypting CAPTCHA responses
Answer: A) Using weak CAPTCHA algorithms that can be solved by bots
Explanation: Poorly implemented CAPTCHAs can be bypassed using automated scripts or AI-based solvers.
107. What is a best practice for securing web application session management?
A) Implementing short session timeouts and regenerating session IDs after login
B) Allowing unlimited session duration
C) Storing session IDs in URLs
D) Using session IDs that never expire
Answer: A) Implementing short session timeouts and regenerating session IDs after login
Explanation: Short session timeouts and regenerating session IDs reduce the risk of session hijacking attacks.
108. What is a risk of allowing unrestricted file execution on a server?
A) Attackers can execute malicious scripts or upload web shells
B) It improves system performance
C) It speeds up file uploads
D) It prevents XSS attacks
Answer: A) Attackers can execute malicious scripts or upload web shells
Explanation: Unrestricted file execution allows attackers to upload and run malicious code on the server.
109. What is the security risk of failing to properly configure CORS (Cross-Origin Resource Sharing)?
A) Attackers can make unauthorized API calls from malicious websites
B) It improves API performance
C) It prevents brute-force attacks
D) It helps with caching
Answer: A) Attackers can make unauthorized API calls from malicious websites
Explanation: A misconfigured CORS policy can allow unauthorized third-party websites to access sensitive data.
110. Why should directory traversal vulnerabilities be mitigated?
A) Attackers can access restricted files and sensitive system information
B) It speeds up file indexing
C) It improves website navigation
D) It reduces database queries
Answer: A) Attackers can access restricted files and sensitive system information
Explanation: Directory traversal allows attackers to access files outside of intended directories, potentially exposing system configurations and credentials.
111. What is the risk of enabling guest or anonymous access to network shares?
A) Unauthorized users can view and modify sensitive data
B) It improves network performance
C) It reduces firewall rules
D) It speeds up file transfers
Answer: A) Unauthorized users can view and modify sensitive data
Explanation: Allowing guest access can lead to unauthorized data access and potential data breaches.
112. Why should error messages be properly handled in production environments?
A) To prevent sensitive information leakage to attackers
B) To speed up database queries
C) To allow debugging in production
D) To prevent XSS attacks
Answer: A) To prevent sensitive information leakage to attackers
Explanation: Verbose error messages can expose system details such as database structures, API endpoints, or stack traces.
113. What is a security risk of keeping default SSH ports open?
A) Attackers can easily target the system using automated scanning tools
B) It improves network speed
C) It enhances logging capabilities
D) It prevents brute-force attacks
Answer: A) Attackers can easily target the system using automated scanning tools
Explanation: Using default ports (e.g., SSH on port 22) makes a service trivial to find with mass scanners, so it draws constant automated login attempts. Moving the port only reduces that noise; it is not a substitute for key-based authentication, disabling password and root login, and limiting the source addresses that may connect.
114. Why should unnecessary services and features be disabled on a web server?
A) To minimize the attack surface and reduce security risks
B) To improve SEO rankings
C) To reduce bandwidth usage
D) To simplify debugging
Answer: A) To minimize the attack surface and reduce security risks
Explanation: Unnecessary services increase the attack surface and introduce potential security vulnerabilities.
115. What is the risk of exposing .git directories on a web server?
A) Attackers can download the entire source code repository
B) It speeds up website performance
C) It prevents SQL injection
D) It improves caching
Answer: A) Attackers can download the entire source code repository
Explanation: An exposed .git directory lets an attacker reconstruct the repository, including its history, and recover source code, configuration files, and any credentials that were ever committed; deny access to dot-directories at the web server.
116. Why should default web application settings be reviewed and changed before deployment?
A) Default settings may contain security weaknesses or unnecessary features
B) It improves website speed
C) It enhances user experience
D) It reduces system load
Answer: A) Default settings may contain security weaknesses or unnecessary features
Explanation: Default configurations often have insecure settings that should be hardened before deployment.
117. What is a security risk of running applications with unnecessary administrative privileges?
A) If compromised, attackers can gain full control over the system
B) It speeds up processing
C) It improves network security
D) It enhances logging
Answer: A) If compromised, attackers can gain full control over the system
Explanation: Running applications with excessive privileges increases the risk of privilege escalation attacks.
118. What is a risk of not validating file types during uploads?
A) Attackers can upload and execute malicious files
B) It improves upload speed
C) It enhances user experience
D) It prevents phishing attacks
Answer: A) Attackers can upload and execute malicious files
Explanation: File type validation helps prevent malicious scripts or unauthorized file execution on the server.
119. What is a best practice for securing IoT devices from misconfiguration risks?
A) Changing default credentials and disabling unused features
B) Keeping factory settings unchanged
C) Connecting devices to open networks
D) Using default passwords
Answer: A) Changing default credentials and disabling unused features
Explanation: IoT devices often come with default credentials and open services that should be secured immediately.
120. Why should security patches be applied as soon as they are released?
A) To fix known vulnerabilities before attackers exploit them
B) To slow down system performance
C) To improve graphical user interface (GUI) responsiveness
D) To increase website traffic
Answer: A) To fix known vulnerabilities before attackers exploit them
Explanation: Delaying security updates leaves systems vulnerable to exploits and attacks.
121. What is a risk of enabling weak password policies in an organization?
A) Attackers can easily guess or crack passwords
B) It reduces login time
C) It improves network speed
D) It enhances user experience
Answer: A) Attackers can easily guess or crack passwords
Explanation: Weak password policies increase the risk of brute-force and credential-stuffing attacks.
122. Why should admin interfaces be restricted to internal IPs or VPN access?
A) To prevent unauthorized external access
B) To improve website speed
C) To increase uptime
D) To reduce database queries
Answer: A) To prevent unauthorized external access
Explanation: Exposing admin interfaces to the public internet increases the risk of attacks such as brute force and unauthorized access.
123. What is a common misconfiguration in mobile applications that leads to security risks?
A) Storing sensitive data in plaintext on the device
B) Using strong encryption
C) Enforcing MFA for all users
D) Applying runtime application self-protection (RASP)
Answer: A) Storing sensitive data in plaintext on the device
Explanation: Sensitive data should always be encrypted to prevent data theft in case of device compromise.
124. Why is disabling unnecessary browser extensions a good security practice?
A) Malicious or vulnerable extensions can be exploited to steal data
B) It improves browsing speed
C) It enhances user experience
D) It reduces server load
Answer: A) Malicious or vulnerable extensions can be exploited to steal data
Explanation: Attackers can abuse browser extensions to inject malicious scripts or steal user information.
125. What is the risk of failing to implement proper email security configurations?
A) Increased phishing and email spoofing attacks
B) Reduced email delivery speed
C) Decreased storage requirements
D) Improved spam filtering
Answer: A) Increased phishing and email spoofing attacks
Explanation: Lack of SPF, DKIM, and DMARC configurations allows attackers to send fraudulent emails that appear legitimate.
126. What should be done to prevent exposed API keys from being exploited?
A) Rotate API keys regularly and restrict their usage
B) Keep API keys unchanged for reliability
C) Store API keys in source code for easy access
D) Allow public access to API keys
Answer: A) Rotate API keys regularly and restrict their usage
Explanation: Regularly rotating API keys and restricting their scope minimizes risks if they are exposed.
127. What is a security risk of failing to disable autocomplete for sensitive input fields?
A) Stored credentials can be extracted from the browser
B) It speeds up form filling
C) It prevents phishing attacks
D) It improves API response time
Answer: A) Stored credentials can be extracted from the browser
Explanation: Credentials that the browser stores can be extracted if the device is compromised. Browsers largely ignore autocomplete="off" on password fields, so the setting mainly matters on shared or kiosk machines.
128. Why should software components be regularly reviewed for security vulnerabilities?
A) To prevent exploitation of known flaws in outdated dependencies
B) To increase processing speed
C) To improve user experience
D) To enhance graphical interface performance
Answer: A) To prevent exploitation of known flaws in outdated dependencies
Explanation: Attackers frequently exploit known vulnerabilities in outdated software components.
129. What is the security risk of exposing debug logs in production?
A) Debug logs may reveal system paths, credentials, or database queries
B) It improves system performance
C) It increases software uptime
D) It speeds up API responses
Answer: A) Debug logs may reveal system paths, credentials, or database queries
Explanation: Exposing debug logs in production can provide attackers with valuable information for exploitation.
130. Why should default database usernames (e.g., “root”) be changed?
A) Attackers often target default usernames in brute-force attacks
B) It improves query execution speed
C) It optimizes indexing
D) It enhances search engine rankings
Answer: A) Attackers often target default usernames in brute-force attacks
Explanation: Changing default usernames makes it harder for attackers to guess valid login credentials.
131. What is a major security misconfiguration in Single Sign-On (SSO) implementations?
A) Allowing authentication tokens to never expire
B) Enforcing strong encryption for token transmission
C) Using multi-factor authentication
D) Implementing session timeouts
Answer: A) Allowing authentication tokens to never expire
Explanation: Non-expiring authentication tokens can be stolen and used indefinitely by attackers.
132. What is the risk of not encrypting sensitive cookies?
A) Attackers can intercept and read cookie data using network sniffing
B) It speeds up web performance
C) It improves session management
D) It enhances API responses
Answer: A) Attackers can intercept and read cookie data using network sniffing
Explanation: Cookies sent over plain HTTP can be captured by anyone on the network path. Mark sensitive cookies Secure so the browser only sends them over TLS, add HttpOnly so scripts cannot read them, and set SameSite to limit when they are sent cross-site.
133. What is the best way to prevent unauthorized access to cloud services?
A) Implementing role-based access control (RBAC) and MFA
B) Using only default configurations
C) Allowing all users to access administrative settings
D) Disabling security logs
Answer: A) Implementing role-based access control (RBAC) and MFA
Explanation: RBAC and MFA help ensure that only authorized users can access cloud services.
134. What is a security risk of using weak session identifiers?
A) Attackers can predict or hijack sessions
B) It improves system performance
C) It reduces authentication failures
D) It prevents brute-force attacks
Answer: A) Attackers can predict or hijack sessions
Explanation: Weak session IDs can be guessed by attackers, leading to session hijacking.
135. Why should HTTP methods like DELETE and PUT be restricted?
A) They can be abused to modify or delete sensitive data
B) They improve server response times
C) They prevent SQL Injection
D) They enhance user experience
Answer: A) They can be abused to modify or delete sensitive data
Explanation: Restricting HTTP methods prevents unauthorized data modification and tampering.
136. What is a risk of exposing database schema details in error messages?
A) Attackers can craft targeted SQL Injection attacks
B) It speeds up query execution
C) It improves system logging
D) It enhances caching performance
Answer: A) Attackers can craft targeted SQL Injection attacks
Explanation: Exposing database structure helps attackers fine-tune SQL Injection exploits.
137. Why should DNS zone transfers be restricted?
A) Attackers can enumerate all subdomains and internal infrastructure
B) It improves DNS resolution time
C) It enhances user experience
D) It prevents phishing attacks
Answer: A) Attackers can enumerate all subdomains and internal infrastructure
Explanation: Unrestricted DNS zone transfers allow attackers to map an entire domain’s infrastructure.
138. What is a major risk of using weak hashing algorithms like MD5 and SHA-1?
A) They can be cracked easily, exposing sensitive data
B) They improve system performance
C) They prevent SQL injection
D) They reduce database size
Answer: A) They can be cracked easily, exposing sensitive data
Explanation: MD5 and SHA-1 have practical collision attacks, and both are fast enough that brute-forcing hashed passwords is cheap. Use SHA-256 or stronger for integrity checks and a slow, salted password hash (bcrypt, scrypt, Argon2 or PBKDF2) for stored credentials.
139. What is a security risk of using default cloud IAM policies?
A) They often grant excessive permissions, leading to privilege escalation risks
B) They reduce API response time
C) They improve logging performance
D) They increase system availability
Answer: A) They often grant excessive permissions, leading to privilege escalation risks
Explanation: Default IAM policies may provide more access than necessary, increasing security risks.
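Questions 81 and 139 describe a policy that grants more than a workload needs. As an added example (not part of the quiz), the function below audits an IAM policy document for the patterns that matter most: admin-equivalent statements, service-wide wildcard actions, actions that allow privilege escalation, and a wildcard Resource on write actions with no Condition. The two sample policies are constructed, and the escalation action list is an illustrative subset rather than a complete catalogue.

```python
READ_ONLY_VERBS = ("get", "list", "describe")

# Actions that let a principal grant itself more access (illustrative subset, not complete).
ESCALATION_ACTIONS = {
    "iam:passrole", "iam:createpolicyversion", "iam:setdefaultpolicyversion",
    "iam:attachuserpolicy", "iam:attachrolepolicy", "iam:putuserpolicy", "iam:putrolepolicy",
    "iam:createaccesskey", "sts:assumerole", "lambda:updatefunctioncode",
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    verb = action.split(":", 1)[1] if ":" in action else action
    return verb.startswith(READ_ONLY_VERBS)


def audit_iam_policy(policy):
    """Return a list of human-readable findings for a parsed IAM policy document."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        conditioned = bool(stmt.get("Condition"))

        if "*" in actions and "*" in resources:
            findings.append(f"statement {i}: admin-equivalent (Action * on Resource *)")
            continue
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: service-wide wildcard action {action}")
            elif action in ESCALATION_ACTIONS:
                findings.append(f"statement {i}: escalation-capable action {action}")
        if "*" in resources and not conditioned and any(not _is_read_only(a) for a in actions):
            findings.append(f"statement {i}: Resource * for non-read actions without a Condition")
    return findings


# Constructed "starter" policy of the kind that is handed out to get a deployment working.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# Constructed least-privilege replacement for an uploader that needs one bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads-prod/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::app-uploads-prod"},
    ],
}

if __name__ == "__main__":
    for finding in audit_iam_policy(PERMISSIVE_POLICY):
        print(finding)
    print("scoped policy findings:", audit_iam_policy(SCOPED_POLICY))
```

The permissive policy yields five findings; the scoped one yields none. A Condition on a wildcard Resource (for example restricting aws:RequestedRegion or a resource tag) is accepted here as a deliberate scoping decision, which is why the last check requires its absence.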
140. What should be done to prevent unauthorized physical access to critical IT infrastructure?
A) Implement biometric access control and security monitoring
B) Allow unrestricted public access
C) Keep doors unlocked for ease of use
D) Disable security alarms
Answer: A) Implement biometric access control and security monitoring
Explanation: Physical security controls help prevent unauthorized access to sensitive infrastructure.
141. What is the security risk of allowing unrestricted file execution in a web application?
A) Attackers can upload and execute malicious scripts
B) It speeds up website performance
C) It prevents SQL injection
D) It improves caching performance
Answer: A) Attackers can upload and execute malicious scripts
Explanation: Allowing unrestricted file execution can lead to remote code execution (RCE) vulnerabilities, enabling attackers to take control of the system.
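Questions 108, 118 and 141 all turn on the same control: never trust the uploaded name or declared type, and never store a file where the server could execute it. The following added example (not code from this quiz) validates an upload by size, a single allow-listed extension, rejection of executable double extensions such as shell.php.png, and a magic-byte check of the content, then returns a random storage name. The sample PNG and PHP payloads are constructed; the magic-byte table covers a few common types and is not exhaustive.

```python
import os
import secrets

# Allowed extensions -> (magic bytes the content must start with, MIME type to serve it as).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif": (b"GIF8", "image/gif"),
    "pdf": (b"%PDF-", "application/pdf"),
}
# Extensions that must never appear anywhere in the name (catches shell.php.png).
EXECUTABLE_EXTENSIONS = {"php", "phtml", "phar", "jsp", "asp", "aspx", "cgi", "pl", "py", "sh", "htaccess"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message is safe to return to the client."""


def validate_upload(filename, data):
    """Validate one upload and return (storage_name, mime_type).

    The client-supplied name and Content-Type are untrusted: the extension only selects
    which magic bytes to expect, and the stored name is random.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("too large")
    # Strip any path the client sent (handles both / and \ separators).
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[-1]:
        raise UploadRejected("no extension")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    if EXECUTABLE_EXTENSIONS & set(parts[:-1]):
        raise UploadRejected("suspicious double extension")
    magic, mime = ALLOWED_TYPES[ext]
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Random name + trusted extension. Store outside the document root and serve through a
    # handler that sets this MIME type plus X-Content-Type-Options: nosniff and never executes.
    return f"{secrets.token_hex(16)}.{ext}", mime


def check_upload(filename, data):
    """Non-raising wrapper: (True, storage_name) or (False, rejection_reason)."""
    try:
        name, _mime = validate_upload(filename, data)
        return True, name
    except UploadRejected as exc:
        return False, str(exc)


# Constructed samples: a valid PNG signature (not a real image) and a PHP stub.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
PHP_SAMPLE = b"<?php phpinfo(); ?>"

if __name__ == "__main__":
    for name, data in [("photo.PNG", PNG_SAMPLE), ("shell.php", PHP_SAMPLE),
                       ("shell.php.png", PNG_SAMPLE), ("cat.png", PHP_SAMPLE),
                       ("../../etc/passwd", b"root:x:0:0")]:
        print(name, "->", check_upload(name, data))
```

The magic-byte check is what defeats the classic trick of renaming a script to .png; the double-extension check matters on servers whose handler mapping looks at every suffix. Neither replaces the storage rule: uploads belong outside the web root, served by a handler that cannot execute them.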
142. What is the risk of using weak hashing (or reversible encryption) for stored passwords?
A) Attackers can easily crack passwords if they gain access to the database
B) It improves database performance
C) It enhances user authentication speed
D) It reduces system resource consumption
Answer: A) Attackers can easily crack passwords if they gain access to the database
Explanation: Passwords should be stored as salted, deliberately slow hashes (bcrypt, scrypt, Argon2, PBKDF2), never reversibly encrypted. Fast unsalted hashes such as MD5 or SHA-1 let an attacker who obtains the database crack most passwords quickly by brute force or with precomputed (rainbow) tables.
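To make the point of questions 138 and 142 concrete, here is an added example (not code from this quiz) that contrasts a constructed leaked table of unsalted MD5 digests, cracked with a tiny dictionary, against salted PBKDF2-HMAC-SHA256 with a constant-time verify. The wordlist and user table are constructed for the demonstration; the iteration count is an assumption to tune against your own hardware.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # each guess should cost real CPU time; tune to your hardware

# Constructed mini wordlist standing in for a real cracking dictionary.
WORDLIST = ["123456", "qwerty", "letmein", "Summer2024!", "password123", "correcthorse"]


def crack_unsalted_md5(digest_hex, wordlist):
    """Dictionary attack on an unsalted MD5 digest: one cheap hash per guess, and every
    user who chose the same password shares the same digest (hence rainbow tables)."""
    for guess in wordlist:
        if hashlib.md5(guess.encode()).hexdigest() == digest_hex:
            return guess
    return None


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Salted, slow hash. Format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Constructed "leaked" table: two users who chose the same weak password.
LEAKED_MD5_TABLE = {
    "alice": hashlib.md5(b"password123").hexdigest(),
    "bob": hashlib.md5(b"password123").hexdigest(),
}
UNKNOWN_MD5 = hashlib.md5(b"not-in-any-wordlist-9f2c").hexdigest()


def crack_table(table, wordlist=WORDLIST):
    """Return {user: recovered_password} for every digest present in the wordlist."""
    recovered = {}
    for user, digest in table.items():
        guess = crack_unsalted_md5(digest, wordlist)
        if guess is not None:
            recovered[user] = guess
    return recovered


if __name__ == "__main__":
    print("cracked:", crack_table(LEAKED_MD5_TABLE))
    stored = hash_password("password123")
    print("stored:", stored[:40], "...")
    print("verify ok:", verify_password("password123", stored), "bad:", verify_password("x", stored))
```

Two things to notice: alice and bob have identical MD5 digests, so one lookup breaks both accounts, whereas two PBKDF2 hashes of the same password differ because of the random salt; and the slow derivation is paid once per login but multiplied by billions in an offline attack.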
143. Why should Cross-Origin Resource Sharing (CORS) settings be carefully configured?
A) Misconfigured CORS allows unauthorized websites to access sensitive data
B) It improves website SEO
C) It prevents brute-force attacks
D) It enhances API response time
Answer: A) Misconfigured CORS allows unauthorized websites to access sensitive data
Explanation: The dangerous patterns are reflecting whatever Origin the request carries while also sending Access-Control-Allow-Credentials: true, and loose origin matching (a check that accepts attacker-example.com because it ends in example.com). A bare * cannot be combined with credentials by browsers, but it still exposes any response protected only by network position or by a secret that is not a cookie. With a bad policy, a malicious page can read authenticated API responses in the victim's browser.
144. What is a major risk of failing to monitor and audit system logs?
A) Security incidents may go undetected, leading to prolonged attacks
B) It speeds up system performance
C) It improves database indexing
D) It prevents malware infections
Answer: A) Security incidents may go undetected, leading to prolonged attacks
Explanation: Regular log monitoring helps detect unauthorized access and suspicious activities before they escalate.
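Questions 78 and 144 say logs must actually be looked at; the following added example (not code from this quiz) shows the simplest useful form of that, a sliding-window detector run over constructed sshd authentication lines. It raises one alert when a source address reaches five failed logins inside sixty seconds, and a second, higher-priority alert when a login from that address then succeeds, which is the signature of a guessed credential. The log lines, thresholds and syslog format are assumptions; adapt the regex to your own auth log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_line(line):
    """Parse one sshd auth line into (timestamp, outcome, user, ip), or None for non-auth lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; that is fine for relative windows within one file
    return datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["outcome"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_seconds=60, suspicious_failures=3):
    """Per-source-IP sliding window of failed logins.

    Emits a 'bruteforce' alert once an IP reaches `threshold` failures within
    `window_seconds`, and a 'success-after-failures' alert when a login from an IP
    succeeds while it still has at least `suspicious_failures` recent failures.
    """
    failures = defaultdict(deque)
    already_alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        window = failures[ip]
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if outcome == "Failed":
            window.append(ts)
            if len(window) >= threshold and ip not in already_alerted:
                already_alerted.add(ip)
                alerts.append({"type": "bruteforce", "ip": ip, "count": len(window)})
        elif len(window) >= suspicious_failures:
            alerts.append({"type": "success-after-failures", "ip": ip, "user": user,
                           "recent_failures": len(window)})
    return alerts


# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
Mar 12 10:01:02 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 10:01:05 web1 sshd[2233]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 12 10:01:09 web1 sshd[2235]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar 12 10:01:12 web1 sshd[2237]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2
Mar 12 10:01:15 web1 sshd[2239]: Failed password for deploy from 203.0.113.7 port 51142 ssh2
Mar 12 10:01:18 web1 sshd[2241]: Failed password for deploy from 203.0.113.7 port 51143 ssh2
Mar 12 10:01:21 web1 sshd[2243]: Accepted password for deploy from 203.0.113.7 port 51144 ssh2
Mar 12 10:01:21 web1 sshd[2243]: pam_unix(sshd:session): session opened for user deploy
Mar 12 10:05:40 web1 sshd[2301]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Mar 12 10:06:01 web1 sshd[2305]: Accepted publickey for alice from 10.0.0.5 port 40011 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single failure from 198.51.100.9 and the key-based login from 10.0.0.5 produce nothing; the burst from 203.0.113.7 produces both alerts. The same shape of rule, with the regex swapped, covers web-application login logs and VPN gateways.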
145. Why is it important to disable weak SSL/TLS protocols such as SSLv3 and TLS 1.0?
A) Older protocols have known vulnerabilities that can be exploited
B) It improves page load times
C) It enhances SEO rankings
D) It reduces database load
Answer: A) Older protocols have known vulnerabilities that can be exploited
Explanation: Older SSL/TLS versions are susceptible to attacks like POODLE (SSLv3) and BEAST (TLS 1.0 with CBC ciphers), and TLS 1.0/1.1 also lack modern AEAD cipher suites; allow only TLS 1.2 and 1.3.
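Questions 89 and 145 are about the same configuration knob seen from two sides: protocol version and cipher suite. The following added example (not code from this quiz) builds hardened client and server contexts with Python's standard ssl module, pinning the minimum version to TLS 1.2 and restricting TLS 1.2 suites to forward-secret AEAD ciphers, and provides a check that lists any weak cipher still enabled. The cipher string and the weak-marker list are assumptions you should review against your own compatibility needs; TLS 1.3 suites are governed separately by OpenSSL and are all strong.

```python
import ssl

# Forward-secret AEAD suites only; the '!' entries explicitly exclude the weak families.
CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES:!DES"
# Substrings in OpenSSL cipher names that mark a broken or anonymous primitive.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def is_weak_cipher(name):
    """True if an OpenSSL cipher name uses a broken, export-grade or anonymous primitive."""
    upper = name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def hardened_client_context():
    """Client context: verifies certificates and hostnames, TLS 1.2+, strong suites only."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.set_ciphers(CIPHER_STRING)                # applies to TLS 1.2 negotiations
    return ctx


def hardened_server_context(certfile, keyfile):
    """Server context with the same floor; certfile/keyfile are the site's own PEM files."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHER_STRING)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def weak_ciphers_enabled(ctx):
    """Names of enabled TLS 1.2 ciphers that fail is_weak_cipher; should be an empty list."""
    return [c["name"] for c in ctx.get_ciphers() if is_weak_cipher(c["name"])]


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum version:", ctx.minimum_version.name)
    print("enabled ciphers:", [c["name"] for c in ctx.get_ciphers()])
    print("weak ciphers still enabled:", weak_ciphers_enabled(ctx))
```

The same check belongs in a deployment test: build the context exactly as production does and assert that weak_ciphers_enabled() is empty and the minimum version is TLS 1.2, so a future library upgrade or a copy-pasted "ALL" cipher string cannot quietly reopen SSLv3-era weaknesses.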
146. What is the security risk of allowing excessive permissions to third-party applications?
A) The application may access or modify data beyond what is necessary
B) It speeds up API integration
C) It improves user experience
D) It increases data encryption
Answer: A) The application may access or modify data beyond what is necessary
Explanation: Overly permissive third-party integrations can be exploited to leak or alter sensitive data.
147. Why should error messages be generic for users but detailed for logs?
A) To prevent information disclosure while allowing proper debugging
B) To improve website speed
C) To enhance session management
D) To improve browser caching
Answer: A) To prevent information disclosure while allowing proper debugging
Explanation: Generic error messages protect sensitive details, while detailed logs help administrators debug issues securely.
148. What is a risk of using default SSH configurations without hardening?
A) Attackers can easily brute-force SSH credentials
B) It improves SSH connection speed
C) It reduces server load
D) It prevents DDoS attacks
Answer: A) Attackers can easily brute-force SSH credentials
Explanation: Default sshd settings usually accept password authentication and may permit direct root login, so an exposed host faces continuous password guessing; harden by enforcing key-based authentication, disabling root login, and limiting which addresses can connect.
149. Why should security headers like X-Frame-Options and X-XSS-Protection be configured?
A) They help protect against clickjacking and XSS attacks
B) They improve website speed
C) They prevent phishing attacks
D) They enhance SEO performance
Answer: A) They help protect against clickjacking and XSS attacks
Explanation: X-Frame-Options (or the CSP frame-ancestors directive) stops the page from being embedded in an attacker's frame. X-XSS-Protection controls a legacy browser filter that has been removed from current browsers and could itself be abused; today it should be set to 0, with XSS defence left to a strict CSP.
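The header questions (76 on CSP, 109 and 143 on CORS, 149 on X-Frame-Options and X-XSS-Protection, and 161 on server banners) can all be checked from one response. Below is an added example, not code from this quiz, that audits a dictionary of response headers and reports the misconfigurations those questions describe, including origin reflection with credentials, which needs to know which Origin the probe request sent. The two sample responses are constructed; the finding codes are this example's own names.

```python
import re

WEAK_SCRIPT_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}


def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def audit_response_headers(headers, probe_origin="https://attacker.example"):
    """Return a list of finding codes for one HTTP response.

    `headers` maps header names to values (names compared case-insensitively).
    `probe_origin` is the Origin header the audit request was sent with, so that a
    server reflecting arbitrary origins can be recognised.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    directives = parse_csp(csp) if csp else {}
    if csp is None:
        findings.append("csp-missing")
    else:
        script_src = directives.get("script-src", directives.get("default-src", []))
        if not script_src or WEAK_SCRIPT_SOURCES & set(script_src):
            findings.append("csp-weak-script-src")

    acao = h.get("access-control-allow-origin")
    with_creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        findings.append("cors-wildcard-origin")
    elif acao == probe_origin:
        findings.append("cors-reflects-origin-with-credentials" if with_creds else "cors-reflects-origin")

    if "x-frame-options" not in h and "frame-ancestors" not in directives:
        findings.append("clickjacking-unprotected")

    xxp = h.get("x-xss-protection")
    if xxp is not None and xxp.startswith("1"):
        findings.append("x-xss-protection-enabled")   # legacy filter: set "0", rely on CSP

    if "strict-transport-security" not in h:
        findings.append("hsts-missing")

    if re.search(r"\d+\.\d+", h.get("server", "")):
        findings.append("server-version-banner")

    return findings


# Constructed responses: a typical unhardened server and a hardened one.
WEAK_RESPONSE = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Access-Control-Allow-Origin": "https://attacker.example",
    "Access-Control-Allow-Credentials": "true",
    "X-XSS-Protection": "1; mode=block",
}
HARDENED_RESPONSE = {
    "Server": "nginx",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
                               "object-src 'none'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "0",
}

if __name__ == "__main__":
    print("weak:", audit_response_headers(WEAK_RESPONSE))
    print("hardened:", audit_response_headers(HARDENED_RESPONSE))
```

In use, send the probe with an Origin you control and feed the response headers in; the reflected-origin-with-credentials finding is the one to treat as critical, since it lets any site read the victim's authenticated responses. The wildcard finding is lower severity on its own but still wrong for anything that is not a genuinely public resource.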
150. What is a security misconfiguration that allows attackers to enumerate valid usernames?
A) Showing detailed login error messages (e.g., “Invalid Username”)
B) Implementing multi-factor authentication
C) Using strong password policies
D) Encrypting all user data
Answer: A) Showing detailed login error messages (e.g., “Invalid Username”)
Explanation: Detailed login errors tell an attacker which usernames exist, reducing the search to passwords alone. Timing differences leak the same thing, so the response and the work done should be identical whether or not the username is valid.
151. What should be done to secure publicly accessible Docker containers?
A) Restrict access and avoid running containers as root
B) Use only default settings
C) Allow unrestricted remote access
D) Enable auto-login for debugging
Answer: A) Restrict access and avoid running containers as root
Explanation: Running Docker containers with minimal privileges reduces the risk of container escapes and privilege escalation.
152. Why should weak default encryption keys be changed immediately after software installation?
A) Default keys may be publicly known or easily guessed
B) It improves software performance
C) It enhances caching speed
D) It simplifies debugging
Answer: A) Default keys may be publicly known or easily guessed
Explanation: Leaving default encryption keys unchanged exposes data to decryption by attackers.
153. What is a risk of running web applications with unnecessary debugging enabled?
A) Debug information may expose system details and vulnerabilities
B) It improves application response time
C) It enhances error handling
D) It prevents XSS attacks
Answer: A) Debug information may expose system details and vulnerabilities
Explanation: Verbose debugging can reveal stack traces, database structures, and API endpoints, helping attackers.
154. Why should unused plugins and themes be removed from web applications?
A) Outdated or unused plugins can introduce security vulnerabilities
B) It increases website traffic
C) It enhances browser caching
D) It improves database indexing
Answer: A) Outdated or unused plugins can introduce security vulnerabilities
Explanation: Plugins and themes that are not updated may contain unpatched security flaws.
155. What is the security risk of setting overly permissive database access rules?
A) Unauthorized users may view or modify sensitive data
B) It improves database performance
C) It prevents data redundancy
D) It enhances encryption
Answer: A) Unauthorized users may view or modify sensitive data
Explanation: Overly permissive database rules allow attackers to access and alter data, leading to breaches.
156. Why should insecure default file permissions be changed immediately?
A) Default settings may allow unauthorized read/write access
B) It speeds up file execution
C) It reduces network latency
D) It enhances file compression
Answer: A) Default settings may allow unauthorized read/write access
Explanation: Improper file permissions can expose sensitive files to unauthorized users or attackers.
157. What is a security misconfiguration that can lead to Subdomain Takeover attacks?
A) Leaving unclaimed DNS records pointing to third-party services
B) Enforcing HTTP Strict Transport Security (HSTS)
C) Using encrypted database storage
D) Implementing CSP policies
Answer: A) Leaving unclaimed DNS records pointing to third-party services
Explanation: If a subdomain's CNAME still points at a decommissioned third-party resource (a deleted app, bucket or pages site), an attacker can register that resource name at the provider and serve their own content under the trusted subdomain.
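The check for question 157's misconfiguration is mechanical: walk the zone's CNAME records, ignore aliases inside your own zone, and flag targets that either no longer resolve or answer with a provider's "unclaimed" page. Below is an added example (not code from this quiz) that does this over a constructed zone with stubbed DNS and HTTP lookups so it runs offline. The three provider fingerprint strings are what those services return for unclaimed names at the time of writing, but treat the table as an assumption to verify and extend; real takeover tooling maintains a much longer list.

```python
OWN_ZONE_SUFFIX = ".example.com"

# Illustrative fingerprints: CNAME target suffix -> text served for an unclaimed resource.
FINGERPRINTS = {
    ".github.io": "There isn't a GitHub Pages site here",
    ".herokuapp.com": "No such app",
    ".s3.amazonaws.com": "NoSuchBucket",
}


def audit_dns_records(records, resolve, fetch_body):
    """Flag CNAMEs pointing at third-party names that no longer exist or are unclaimed.

    records:          iterable of (name, record_type, target)
    resolve(target):  list of addresses, or None when the name does not resolve (NXDOMAIN)
    fetch_body(name): response body for http(s)://name/, or None on connection error
    """
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME" or target.endswith(OWN_ZONE_SUFFIX):
            continue                      # only external aliases can be taken over this way
        if resolve(target) is None:
            findings.append({"name": name, "target": target,
                             "reason": "cname target does not resolve"})
            continue
        body = fetch_body(name) or ""
        for suffix, marker in FINGERPRINTS.items():
            if target.endswith(suffix) and marker in body:
                findings.append({"name": name, "target": target,
                                 "reason": f"unclaimed at provider ({marker!r})"})
                break
    return findings


# Constructed zone and stub lookups standing in for real DNS and HTTP (documentation IPs only).
SAMPLE_RECORDS = [
    ("www.example.com", "CNAME", "example.github.io"),
    ("old-blog.example.com", "CNAME", "retired-blog.herokuapp.com"),
    ("assets.example.com", "CNAME", "assets-bucket.s3.amazonaws.com"),
    ("beta.example.com", "CNAME", "beta-app.azurewebsites.net"),
    ("mail.example.com", "CNAME", "mx.example.com"),
    ("api.example.com", "A", "203.0.113.10"),
]
STUB_RESOLVER = {
    "example.github.io": ["203.0.113.20"],
    "retired-blog.herokuapp.com": ["203.0.113.50"],
    "assets-bucket.s3.amazonaws.com": ["203.0.113.60"],
    # beta-app.azurewebsites.net deliberately absent: the app was deleted (NXDOMAIN)
}
STUB_BODIES = {
    "www.example.com": "<html><body>Welcome</body></html>",
    "old-blog.example.com": "<h1>No such app</h1>",
    "assets.example.com": "<Error><Code>NoSuchBucket</Code></Error>",
}


def stub_resolve(target):
    return STUB_RESOLVER.get(target)


def stub_fetch(name):
    return STUB_BODIES.get(name)


def run_sample():
    return audit_dns_records(SAMPLE_RECORDS, stub_resolve, stub_fetch)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Wiring the two callables to a real resolver and HTTP client turns this into a scheduled job; the remediation for every finding is the same, delete the record or re-claim the resource, and the decommissioning checklist should include "remove DNS" so the records stop dangling in the first place.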
158. Why should software applications be configured to limit failed login attempts?
A) To prevent brute-force attacks
B) To improve authentication speed
C) To reduce network congestion
D) To increase session timeouts
Answer: A) To prevent brute-force attacks
Explanation: Limiting failed login attempts reduces the effectiveness of password-guessing attacks.
159. What is a common security misconfiguration in mobile applications?
A) Storing sensitive data in local storage without encryption
B) Enforcing biometric authentication
C) Using HTTPS for API calls
D) Implementing certificate pinning
Answer: A) Storing sensitive data in local storage without encryption
Explanation: Storing sensitive information in plaintext allows attackers to extract it if the device is compromised.
160. What is the primary risk of using public Wi-Fi without a VPN?
A) Attackers can intercept and read unencrypted traffic
B) It improves internet speed
C) It enhances mobile device security
D) It prevents malware infections
Answer: A) Attackers can intercept and read unencrypted traffic
Explanation: Man-in-the-middle (MITM) attacks can capture sensitive data transmitted over public networks.
161. What is a major security risk of exposing server banner information?
A) Attackers can identify the server version and exploit known vulnerabilities
B) It improves server performance
C) It helps with caching
D) It speeds up database indexing
Answer: A) Attackers can identify the server version and exploit known vulnerabilities
Explanation: Server banners reveal the software and version running on a system, helping attackers craft targeted exploits.
162. Why should access to the .env file in web applications be restricted?
A) It often contains sensitive configuration details like API keys and database credentials
B) It improves website loading speed
C) It enhances SEO ranking
D) It prevents malware infections
Answer: A) It often contains sensitive configuration details like API keys and database credentials
Explanation: Attackers can gain critical access to databases and services if .env files are exposed.
163. What is a common misconfiguration in CI/CD pipelines that attackers exploit?
A) Hardcoded credentials in pipeline scripts
B) Using automated security testing
C) Restricting API access
D) Enforcing MFA for pipeline access
Answer: A) Hardcoded credentials in pipeline scripts
Explanation: Attackers can extract hardcoded secrets from pipelines to gain unauthorized access.
164. What is a security risk of using default database ports?
A) Attackers can easily locate and target databases
B) It increases query execution speed
C) It prevents brute-force attacks
D) It enhances data encryption
Answer: A) Attackers can easily locate and target databases
Explanation: Default ports are well-known, making it easier for attackers to scan and attempt unauthorized access.
165. Why should the robots.txt file be carefully configured?
A) Misconfigurations can expose sensitive directories to attackers
B) It improves website indexing
C) It prevents session hijacking
D) It enhances firewall security
Answer: A) Misconfigurations can expose sensitive directories to attackers
Explanation: If robots.txt includes disallowed but sensitive URLs, attackers can manually access them.
166. What is a major risk of misconfigured Object Storage Buckets (e.g., AWS S3, GCP, Azure Blob)?
A) Unauthorized access to sensitive data
B) Increased storage cost
C) Slow website performance
D) Improved API response time
Answer: A) Unauthorized access to sensitive data
Explanation: Publicly accessible storage buckets often lead to data breaches.
167. Why should unnecessary browser features like JavaScript eval() be disabled in web applications?
A) It reduces the risk of Cross-Site Scripting (XSS) attacks
B) It improves browser speed
C) It enhances caching
D) It prevents SQL injection
Answer: A) It reduces the risk of Cross-Site Scripting (XSS) attacks
Explanation: Functions like eval() can be exploited to execute malicious scripts.
168. What is a security risk of not enforcing secure cookie attributes (e.g., HttpOnly, Secure, SameSite)?
A) Attackers can steal session cookies via XSS or MITM attacks
B) It speeds up cookie retrieval
C) It improves caching efficiency
D) It enhances encryption
Answer: A) Attackers can steal session cookies via XSS or MITM attacks
Explanation: Proper cookie attributes help prevent session hijacking and cross-site request forgery (CSRF).
169. Why should database error messages be disabled in production environments?
A) They can reveal database structure and query details to attackers
B) They improve debugging
C) They enhance application performance
D) They prevent SQL injection
Answer: A) They can reveal database structure and query details to attackers
Explanation: Detailed database errors provide valuable information for SQL injection attacks.
170. What is a risk of running outdated third-party plugins in a web application?
A) Attackers can exploit known vulnerabilities in plugins
B) It reduces server load
C) It enhances caching performance
D) It prevents malware attacks
Answer: A) Attackers can exploit known vulnerabilities in plugins
Explanation: Unpatched plugins are common entry points for attackers.
171. What is a security risk of not validating user input properly?
A) Users can inject malicious data leading to XSS, SQL injection, or command injection
B) It improves website responsiveness
C) It prevents denial-of-service attacks
D) It speeds up form submissions
Answer: A) Users can inject malicious data leading to XSS, SQL injection, or command injection
Explanation: Proper input validation helps prevent common web vulnerabilities.
172. Why should security patches be applied immediately in software environments?
A) To fix known vulnerabilities before attackers exploit them
B) To slow down system performance
C) To improve website indexing
D) To reduce CPU usage
Answer: A) To fix known vulnerabilities before attackers exploit them
Explanation: Delaying patches increases the risk of zero-day attacks.
173. What is a security risk of allowing unrestricted email forwarding in an enterprise?
A) Sensitive emails can be forwarded to external malicious actors
B) It improves email delivery speed
C) It enhances spam filtering
D) It prevents email spoofing
Answer: A) Sensitive emails can be forwarded to external malicious actors
Explanation: Unrestricted email forwarding can be used for data exfiltration.
174. Why should SSH root login be disabled?
A) It prevents attackers from directly gaining root access
B) It speeds up remote connections
C) It improves firewall efficiency
D) It enhances DNS resolution
Answer: A) It prevents attackers from directly gaining root access
Explanation: Disabling root login reduces the risk of privilege escalation.
175. What is a security risk of allowing unrestricted Cross-Site WebSocket connections?
A) Attackers can hijack WebSocket connections and steal data
B) It improves network latency
C) It enhances API performance
D) It prevents malware infections
Answer: A) Attackers can hijack WebSocket connections and steal data
Explanation: Misconfigured WebSockets can be exploited to steal sensitive information.
176. Why should default SNMP community strings be changed on network devices?
A) Attackers can use them to gain unauthorized network access
B) It enhances device logging
C) It improves data transmission speed
D) It prevents spam emails
Answer: A) Attackers can use them to gain unauthorized network access
Explanation: SNMP defaults like public and private should be changed to prevent unauthorized access.
177. What is the risk of using wildcard * permissions in IAM policies?
A) It grants excessive privileges that attackers can exploit
B) It improves API response time
C) It prevents SQL injection
D) It enhances authentication security
Answer: A) It grants excessive privileges that attackers can exploit
Explanation: Overly permissive IAM policies increase security risks.
178. Why should HTTP TRACE and OPTIONS methods be disabled?
A) They can be exploited for Cross-Site Tracing (XST) attacks
B) It speeds up web performance
C) It improves SSL/TLS encryption
D) It prevents malware execution
Answer: A) They can be exploited for Cross-Site Tracing (XST) attacks
Explanation: Disabling unused HTTP methods reduces attack vectors.
179. What is a security misconfiguration in cloud-based virtual machines (VMs)?
A) Leaving SSH/RDP ports open to the internet
B) Using firewall rules to restrict access
C) Enforcing least privilege IAM roles
D) Encrypting VM disks
Answer: A) Leaving SSH/RDP ports open to the internet
Explanation: Exposed remote access ports increase the risk of unauthorized access.
180. Why should sensitive API endpoints require authentication and authorization?
A) To prevent unauthorized data access and API abuse
B) To improve API response speed
C) To enhance browser caching
D) To optimize database queries
Answer: A) To prevent unauthorized data access and API abuse
Explanation: Unauthorized API access can lead to data breaches and system compromise.
181. What is the risk of allowing unrestricted outbound traffic in a firewall configuration?
A) Malware can communicate with command-and-control (C2) servers
B) It improves network speed
C) It enhances API performance
D) It prevents SQL injection
Answer: A) Malware can communicate with command-and-control (C2) servers
Explanation: Restricting outbound traffic prevents compromised systems from communicating with attackers.
182. Why should default database table prefixes (e.g., wp_ in WordPress) be changed?
A) Attackers can target known tables for SQL injection
B) It speeds up database queries
C) It improves indexing performance
D) It enhances website speed
Answer: A) Attackers can target known tables for SQL injection
Explanation: Changing table prefixes adds an extra layer of security by making SQL injection attacks more difficult.
183. What is a major risk of leaving debugging tools enabled in production?
A) They may expose sensitive information such as database queries and credentials
B) They improve user experience
C) They prevent brute-force attacks
D) They enhance logging efficiency
Answer: A) They may expose sensitive information such as database queries and credentials
Explanation: Debugging tools should be disabled in production to prevent information leakage.
184. Why should APIs enforce strict authentication and authorization?
A) To prevent unauthorized access and data leaks
B) To improve API performance
C) To enhance response caching
D) To optimize network traffic
Answer: A) To prevent unauthorized access and data leaks
Explanation: APIs without authentication controls can be exploited for unauthorized access.
185. What is a security risk of failing to implement session expiration?
A) Attackers can hijack inactive user sessions
B) It improves website speed
C) It prevents phishing attacks
D) It enhances multi-factor authentication
Answer: A) Attackers can hijack inactive user sessions
Explanation: Expired sessions reduce the window for session hijacking attacks.
186. What should be done to prevent unrestricted file uploads?
A) Enforce file type validation and restrict execution permissions
B) Allow users to upload any file type
C) Store all uploaded files in a publicly accessible folder
D) Disable logging for file uploads
Answer: A) Enforce file type validation and restrict execution permissions
Explanation: Restricting file uploads prevents attackers from executing malicious files.
187. Why should cross-site request forgery (CSRF) tokens be implemented in web applications?
A) To prevent unauthorized state-changing actions
B) To speed up form submissions
C) To enhance API caching
D) To improve website SEO
Answer: A) To prevent unauthorized state-changing actions
Explanation: CSRF tokens ensure that only legitimate requests are processed by the server.
188. What is a security misconfiguration that allows attackers to exploit web cache poisoning?
A) Allowing user-controlled headers in cached responses
B) Implementing strong caching policies
C) Using content delivery networks (CDNs)
D) Encrypting cached data
Answer: A) Allowing user-controlled headers in cached responses
Explanation: If untrusted input is cached, attackers can manipulate responses.
189. Why should default SNMP configurations be changed on network devices?
A) Default SNMP settings can be exploited for unauthorized access
B) It enhances network speed
C) It improves device uptime
D) It prevents SQL injection
Answer: A) Default SNMP settings can be exploited for unauthorized access
Explanation: SNMP default settings are often public and can expose sensitive network details.
190. What is a risk of using unpatched third-party libraries in software applications?
A) They may contain publicly known vulnerabilities that attackers can exploit
B) They improve software compatibility
C) They enhance website performance
D) They reduce database query execution time
Answer: A) They may contain publicly known vulnerabilities that attackers can exploit
Explanation: Unpatched libraries introduce known security weaknesses.
191. Why should access logs be stored securely and monitored?
A) To detect suspicious activities and potential security incidents
B) To improve website speed
C) To prevent session hijacking
D) To optimize database queries
Answer: A) To detect suspicious activities and potential security incidents
Explanation: Regularly reviewing logs helps identify unauthorized access attempts.
192. What is the primary risk of exposing administrative interfaces to the public?
A) Attackers can attempt brute-force login attacks
B) It improves system performance
C) It prevents DoS attacks
D) It enhances API response times
Answer: A) Attackers can attempt brute-force login attacks
Explanation: Administrative interfaces should be restricted to internal networks or require VPN access.
193. Why should remote desktop protocol (RDP) be restricted and secured?
A) Unsecured RDP can be used by attackers for remote code execution
B) It improves user experience
C) It speeds up authentication
D) It enhances database security
Answer: A) Unsecured RDP can be used by attackers for remote code execution
Explanation: Open RDP ports are a common target for cyberattacks.
194. What is a common misconfiguration in cloud IAM policies?
A) Overly permissive roles allowing access beyond necessity
B) Implementing least privilege access control
C) Enforcing multi-factor authentication
D) Regularly rotating access keys
Answer: A) Overly permissive roles allowing access beyond necessity
Explanation: Excessive permissions increase the risk of privilege escalation attacks.
195. Why should wildcard (*) permissions in CORS policies be avoided?
A) It allows any website to access resources, leading to data leaks
B) It speeds up API performance
C) It improves cross-site scripting protection
D) It enhances HTTP request efficiency
Answer: A) It allows any website to access resources, leading to data leaks
Explanation: Overly permissive CORS settings expose APIs to unauthorized access.
196. What is the security risk of allowing unrestricted DNS queries (open resolver)?
A) Attackers can exploit it for DNS amplification attacks
B) It improves domain resolution speed
C) It enhances network stability
D) It reduces DNS latency
Answer: A) Attackers can exploit it for DNS amplification attacks
Explanation: Open DNS resolvers can be abused in DDoS attacks.
197. Why should unnecessary services and ports be disabled on a server?
A) To reduce the attack surface and minimize security risks
B) To improve website indexing
C) To increase system uptime
D) To enhance SSL encryption
Answer: A) To reduce the attack surface and minimize security risks
Explanation: Unnecessary services provide potential entry points for attackers.
198. What is a security misconfiguration that can lead to privilege escalation in Linux?
A) Allowing users to run commands as root without proper restrictions
B) Using least privilege access control
C) Disabling root login
D) Encrypting user sessions
Answer: A) Allowing users to run commands as root without proper restrictions
Explanation: Poor privilege configurations can allow unauthorized users to gain administrative access.
199. What is the risk of exposing database management interfaces (e.g., phpMyAdmin) to the internet?
A) Attackers can attempt brute-force attacks or exploit known vulnerabilities
B) It improves database query execution
C) It prevents XSS attacks
D) It speeds up website performance
Answer: A) Attackers can attempt brute-force attacks or exploit known vulnerabilities
Explanation: Database interfaces should be restricted to trusted IPs and require strong authentication.
200. Why should security headers such as Strict-Transport-Security (HSTS) be implemented?
A) To enforce HTTPS and prevent man-in-the-middle (MITM) attacks
B) To improve website speed
C) To enhance firewall performance
D) To reduce network congestion
Answer: A) To enforce HTTPS and prevent man-in-the-middle (MITM) attacks
Explanation: HSTS ensures that browsers only connect to the website using HTTPS.