
CAT I - QP For Theory Courses - Copy S2


R22 Register No.

NANDHA ENGINEERING COLLEGE, ERODE - 638052


(Autonomous, Affiliated to Anna University, Chennai)
UG - Branch Continuous Assessment Test - II NOV 2024
III/V Sub Code & Sub Name
Time : 45 minutes Maximum Marks : 25
Part – A (Answer All the Questions) - 25 X 1 = 25 Marks (MCQ) Unit BL
A1 How can the lack of proper token expiration management pose a security risk? 3
a) By encrypting sensitive data transmission
b) By determining user roles
c) By allowing expired tokens to be used for unauthorized access
d) By improving website navigation
A2 Why is it essential to link access controls with authentication tokens? 3
a) To improve website aesthetics
b) To enhance user navigation experience
c) To ensure secure and proper authorization of users
d) To speed up data transmission
A3 How does an authentication token contribute to the authorization process? 3
a) By improving website navigation
b) By encrypting sensitive data transmission
c) By determining user roles
d) By providing a secure means of authentication and authorization
A4 What is the term for an attack where an attacker intercepts and uses a token that was intended for a different user? 3
a) Token Sniffing
b) Token Hijacking
c) Token Impersonation
d) Token Cross-Site Scripting
A5 What is the relationship between authentication tokens and access controls in web security? 3
a) Authentication tokens are unrelated to access controls
b) Authentication tokens are used only for user identification
c) Access controls often rely on authentication tokens for authorization
d) Access controls are independent of authentication tokens
A6 What is the primary objective of penetration testing? 4
a) To audit the performance of the system
b) To identify and exploit vulnerabilities in the system
c) To detect viruses and malware
d) To test the strength of a firewall
A7 Which of the following is the best approach to conducting a penetration test? 4
a) Automated testing
b) White box testing
c) Black box testing
d) Grey box testing
A8 Which of the following is NOT a phase of the penetration testing process? 4
a) Scanning
b) Planning
c) Analysis
d) Enumeration
A9 What is the difference between a vulnerability and an exploit? 4
a) Vulnerability is a weakness in a system while an exploit is a tool used to attack the system
b) Vulnerability is an attack on a system while an exploit is a weakness in the system
c) Vulnerability is a software issue while an exploit is a hardware issue
d) Vulnerability is a hardware issue while an exploit is a software issue
A10 What is the purpose of a proof of concept in a penetration test? 4
a) To report findings and recommendations to the organization
b) To test the system’s security controls
c) To demonstrate the impact of a vulnerability on the target system
d) To identify potential vulnerabilities in the system
A11 Which of the following is NOT a common type of penetration test? 4
a) Social engineering penetration testing
b) Network penetration testing
c) Wireless penetration testing
d) Web application penetration testing
A12 What is the purpose of a port scan? 4
a) To identify potential vulnerabilities in a system
b) To test the network connectivity of a system
c) To identify open ports on a system
d) To exploit open ports on a system
A13 What is a vulnerability assessment? 4
a) A comprehensive analysis of a system’s security posture
b) A process of identifying vulnerabilities and weaknesses in a system
c) A technique used to exploit vulnerabilities in a system
d) A method of assessing the physical security of a system
A14 What is the primary purpose of vulnerability scanning? 4
a) To identify and exploit vulnerabilities
b) To check for configuration issues
c) To identify vulnerabilities in a system
d) To simulate a real attack on a system
A15 What is the difference between vulnerability scanning and penetration testing? 4
a) Vulnerability scanning is conducted by internal security teams, while penetration testing is conducted by external security firms
b) Vulnerability scanning identifies vulnerabilities and penetration testing exploits them
c) Vulnerability scanning is less thorough than penetration testing
d) Vulnerability scanning is an active process while penetration testing is passive
A16 What is the purpose of encrypting data in transit? 5
a) Optimizing server processing speed
b) Enhancing user interfaces
c) Protecting data from interception during transmission
d) Improving website aesthetics
A17 How can web application security positively impact business sustainability? 5
a) By focusing solely on website aesthetics
b) By ignoring user interface design
c) By reducing server storage capacity
d) By preventing financial losses and maintaining trust
A18 _________ is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. 5
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
A19 In _________________ attacks, the attacker manages to get an application to execute an SQL query created by the attacker. 5
a) Direct
b) SQL injection
c) SQL
d) Application
A20 A Web site that allows users to enter text, such as a comment or a name, and then stores it and later displays it to other users, is potentially vulnerable to a kind of attack called a __________ attack. 5
a) Cross-site request forgery
b) Cross-site scoring scripting
c) Cross-site scripting
d) Two-factor authentication
A21 Many applications use _________________ where two independent factors are used to identify a user. 5
a) Cross-site scoring scripting
b) Two-factor authentication
c) Cross-site scripting
d) Cross-site request forgery
A22 Even with two-factor authentication, users may still be vulnerable to _____________ attacks. 5
a) Radiant
b) Cross attack
c) Scripting
d) Man-in-the-middle
A23 What is the purpose of social engineering in a penetration test? 5
a) To identify weaknesses in the target system’s software
b) To test the physical security of the target system
c) To test the network infrastructure of the target system
d) To manipulate individuals into disclosing sensitive information
A24 Which of the following is a common method of social engineering? 5
a) Brute force attack
b) Cross-site scripting (XSS)
c) Phishing
d) SQL injection
A25 Which of the following is a common type of vulnerability in web applications? 5
a) Man-in-the-middle (MitM) attack
b) Buffer overflow
c) Denial of service (DoS)
d) SQL injection

• The MCQ questions must be as per the following instruction
• From Unit – I (10 Questions)
• From Unit – II (10 Questions)
• From Unit – III (5 Questions)
R22 Register No.

NANDHA ENGINEERING COLLEGE, ERODE - 638052


(Autonomous, Affiliated to Anna University, Chennai)
UG - Branch Continuous Assessment Test - I NOV 2024
I/I Sub Code & Sub Name
Time : 135 minutes Maximum Marks : 75
Part – B (Answer All the Questions) - 7 X 2 = 14 Marks Unit BL Marks
B1 What is the importance of database-based vulnerability scanning, and in what scenarios is it commonly applied? 4 2
B2 What does SSID or Wireless Testing focus on in a penetration test? 4 2
B3 Summarize the primary purpose of network-based vulnerability scanners. 4 2
B4 Name a vulnerability assessment tool commonly used for network scanning. 5 2
B5 Define Social Engineering and its significance in cybersecurity. 5 2
B6 Discuss the impact of Cross-Site Scripting (XSS) attacks on web applications and users. 5 2
B7 How are API keys used to authenticate service-to-service API requests? 3 2
Part – C (Answer All the Questions) - 61 Marks Unit BL Marks
C1 (a) Discuss the Vulnerability Assessment Lifecycle in detail, outlining each stage's significance and activities involved. Provide examples of tools and techniques commonly used in each stage to effectively identify 4 16
(OR)
C1 (b) Evaluate the effectiveness of External Testing as a penetration testing technique for assessing the security of an organization's external network infrastructure. 4 16
C2 (a) Discuss the significance of Web Application Testing in penetration testing and its role 4 8
(OR)
C2 (b) Compare and contrast various types of vulnerability assessment tools, including cloud-based, host-based, network-based 4 8
C3 (a) Discuss the various types of injection attacks, including SQL injection, and explain how they exploit vulnerabilities in web applications 5 16
(OR)
C3 (b) Discuss the concept of Cross-Site Request Forgery (CSRF) attacks and their potential impact on web application security. 5 16
C4 (a) Analyze the prevalence of Cross-Site Scripting (XSS) vulnerabilities in web 5 8
(OR)
C4 (b) Write in brief about Social Engineering and its significance in cybersecurity. 5 8
C5 (a) Explain the role of session cookies and token-based authentication in securing APIs 3 13
(OR)
C5 (b) Briefly explain the role of audit logging in API security and compliance. 3 13

• The Part – C must have 3 Questions from Unit – I, 3 Questions from Unit – II and 1 Question from Unit – III.
• The Part – D must have (16 marks + 8 marks) from Unit – I, (16 marks + 8 marks) from Unit – II and (13 marks) from Unit – III.
