Top 30 multiple-choice questions (MCQs) focused only on Security Headers and Access Controls in web security, covering the topics below, along with their answers and explanations.
• Explaining the role of security headers (e.g., Content Security Policy) in enforcing access controls.
• Discussing best practices for configuring security headers.
1. What is the primary role of the Content Security Policy (CSP) header in web security?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources by defining the sources from which they can be loaded
- To encrypt sensitive data transmission
The primary role of the Content Security Policy (CSP) header is to enforce access controls on resources by defining the sources from which they can be loaded.
2. Which security header helps prevent clickjacking attacks by restricting how a page can be embedded into an iframe?
- Strict-Transport-Security
- X-Frame-Options
- Content-Security-Policy
- Access-Control-Allow-Origin
The X-Frame-Options header helps prevent clickjacking attacks by restricting how a page can be embedded into an iframe.
3. What does the Strict-Transport-Security (HSTS) header ensure?
- Improved website navigation
- Encryption of sensitive data transmission
- Access controls on resources
- Enhanced user privileges
The Strict-Transport-Security (HSTS) header ensures the encryption of sensitive data transmission by instructing the browser to use only secure connections.
4. How does the Referrer-Policy header impact access controls?
- It defines the sources from which resources can be loaded
- It restricts the information sent in the Referer header
- It encrypts sensitive data transmission
- It enhances user privileges
The Referrer-Policy header impacts access controls by restricting the information sent in the Referer header.
5. What is the primary purpose of the X-Content-Type-Options header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To prevent browsers from interpreting files as a different MIME type
The X-Content-Type-Options header prevents browsers from interpreting files as a different MIME type, reducing the risk of MIME-sniffing attacks.
6. Why is it important to use the "noopener" or "noreferrer" value with the rel attribute in links when using the "target=_blank" attribute?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To mitigate the risk of tabnabbing attacks
Using "noopener" or "noreferrer" with the rel attribute in links when using "target=_blank" is important to mitigate the risk of tabnabbing attacks.
7. What is the purpose of the Feature-Policy header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To control which browser features a page can use
The Feature-Policy header is used to control which browser features a page can use, providing a mechanism for access control.
8. Which security header is used to prevent browsers from rendering a page inside a frame or iframe?
- Strict-Transport-Security
- X-Frame-Options
- Content-Security-Policy
- Access-Control-Allow-Origin
The X-Frame-Options header is used to prevent browsers from rendering a page inside a frame or iframe.
9. How can the Cache-Control header contribute to security?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By controlling caching behavior to enhance security
The Cache-Control header contributes to security by controlling caching behavior to enhance security, such as preventing sensitive information from being cached.
10. What is the primary purpose of the X-Permitted-Cross-Domain-Policies header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To control whether cross-domain policy files are allowed
The X-Permitted-Cross-Domain-Policies header is used to control whether cross-domain policy files are allowed, influencing access controls.
11. What security header can help protect against Cross-Site Scripting (XSS) attacks by defining a policy for browser XSS filters?
- Content-Security-Policy
- Strict-Transport-Security
- X-XSS-Protection
- Referrer-Policy
The X-XSS-Protection header helps protect against XSS attacks by defining a policy for browser XSS filters.
12. How does the X-Content-Type-Options header enhance security?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By preventing browsers from interpreting files as a different MIME type
The X-Content-Type-Options header enhances security by preventing browsers from interpreting files as a different MIME type.
13. What security header instructs browsers to prefer secure (HTTPS) connections over non-secure (HTTP) connections?
- Content-Security-Policy
- Strict-Transport-Security
- X-Frame-Options
- Access-Control-Allow-Origin
The Strict-Transport-Security header instructs browsers to prefer secure (HTTPS) connections over non-secure (HTTP) connections.
14. How does the Access-Control-Allow-Origin header impact cross-origin resource sharing (CORS)?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By specifying which origins are permitted to access a resource
The Access-Control-Allow-Origin header impacts CORS by specifying which origins are permitted to access a resource.
15. What is the primary role of the Content-Security-Policy (CSP) header in web security?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources by defining the sources from which they can be loaded
- To encrypt sensitive data transmission
The primary role of the Content-Security-Policy (CSP) header is to enforce access controls on resources by defining the sources from which they can be loaded.
16. How can the X-Content-Type-Options header help prevent MIME-sniffing attacks?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By preventing browsers from interpreting files as a different MIME type
The X-Content-Type-Options header helps prevent MIME-sniffing attacks by preventing browsers from interpreting files as a different MIME type.
17. What security header can help mitigate the risk of clickjacking attacks?
- Content-Security-Policy
- Strict-Transport-Security
- X-Frame-Options
- Access-Control-Allow-Origin
The X-Frame-Options header helps mitigate the risk of clickjacking attacks by restricting how a page can be embedded into an iframe.
18. Why is using the "noopener" or "noreferrer" value with the rel attribute in links important for security?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To mitigate the risk of tabnabbing attacks
Using "noopener" or "noreferrer" with the rel attribute in links is important for security to mitigate the risk of tabnabbing attacks.
19. What security header is used to specify the policy that browsers should use for handling mixed-content (HTTP and HTTPS) on a website?
- Content-Security-Policy
- Strict-Transport-Security
- X-Content-Type-Options
- Referrer-Policy
The Content-Security-Policy header is used to specify the policy that browsers should use for handling mixed-content on a website.
20. How does the Feature-Policy header contribute to security?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By controlling which browser features a page can use
The Feature-Policy header contributes to security by controlling which browser features a page can use, providing a mechanism for access control.
21. What security header helps prevent browsers from rendering a page inside a frame or iframe?
- Strict-Transport-Security
- X-Frame-Options
- Content-Security-Policy
- Access-Control-Allow-Origin
The X-Frame-Options header helps prevent browsers from rendering a page inside a frame or iframe.
22. How does the Referrer-Policy header impact access controls?
- It defines the sources from which resources can be loaded
- It restricts the information sent in the Referer header
- It encrypts sensitive data transmission
- It enhances user privileges
The Referrer-Policy header impacts access controls by restricting the information sent in the Referer header.
23. What is the primary purpose of the X-Permitted-Cross-Domain-Policies header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To control whether cross-domain policy files are allowed
The X-Permitted-Cross-Domain-Policies header is used to control whether cross-domain policy files are allowed, influencing access controls.
24. How can the Cache-Control header contribute to security?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By controlling caching behavior to enhance security
The Cache-Control header contributes to security by controlling caching behavior to enhance security, such as preventing sensitive information from being cached.
25. What is the primary purpose of the Feature-Policy header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To control which browser features a page can use
The Feature-Policy header is used to control which browser features a page can use, providing a mechanism for access control.
26. Why is it important to use the "noopener" or "noreferrer" value with the rel attribute in links when using the "target=_blank" attribute?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To mitigate the risk of tabnabbing attacks
Using "noopener" or "noreferrer" with the rel attribute in links when using "target=_blank" is important to mitigate the risk of tabnabbing attacks.
27. What is the purpose of the X-Content-Type-Options header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To prevent browsers from interpreting files as a different MIME type
The X-Content-Type-Options header prevents browsers from interpreting files as a different MIME type, reducing the risk of MIME-sniffing attacks.
28. Which security header is used to prevent browsers from rendering a page inside a frame or iframe?
- Strict-Transport-Security
- X-Frame-Options
- Content-Security-Policy
- Access-Control-Allow-Origin
The X-Frame-Options header is used to prevent browsers from rendering a page inside a frame or iframe.
29. How can the Cache-Control header contribute to security?
- By determining user roles
- By improving website navigation
- By enforcing access controls on resources
- By controlling caching behavior to enhance security
The Cache-Control header contributes to security by controlling caching behavior to enhance security, such as preventing sensitive information from being cached.
30. What is the primary purpose of the X-Permitted-Cross-Domain-Policies header?
- To determine user roles
- To improve website navigation
- To enforce access controls on resources
- To control whether cross-domain policy files are allowed
The X-Permitted-Cross-Domain-Policies header is used to control whether cross-domain policy files are allowed, influencing access controls.