Week 1 MCQ Evaluation

Uploaded by

DSync
2/21/24, 3:30 PM Week 1 MCQ Evaluation

Week 1 MCQ Evaluation


Total points 46/60

This quiz consists of a total of 30 questions, with each question carrying 2 points. The topic for this evaluation is HTML Injection and Clickjacking.

Note: Please make sure to attempt the quiz using your registered email id.

Full Name *

Harsh Patidar

HTML Injection 26 of 30 points

https://docs.google.com/forms/d/e/1FAIpQLSdoAiewmkepI6i2AMf6fo2-N6eMMQKevzBK_0ZUDeDFc6JD4w/viewscore?viewscore=AE0zAgA5V… 1/27
You're a cybersecurity analyst investigating an HTML Injection attack on a government website, leaking sensitive citizen data. Outline your response: * 0/2

Downplay incident, quietly fix vulnerabilities, minor security enhancements.

Ignore incident, focus on internal measures, avoid public disclosure.

Conduct thorough investigation, notify affected citizens, engage authorities, compensate for damages.

Notify authorities, assess impact, patch vulnerabilities, enhance security measures.

Correct answer

Conduct thorough investigation, notify affected citizens, engage authorities, compensate for damages.

Feedback

Explanation: The option (Conduct thorough.......) outlines a comprehensive response plan, including conducting a thorough investigation, notifying affected citizens, engaging authorities, and compensating for damages.

Which HTML tag is commonly targeted in HTML Injection attacks? * 2/2

<a>

<script>

<img>

<div>

Feedback

Explanation: The <script> tag is commonly targeted in HTML Injection attacks because it allows for the execution of JavaScript code, which can be used maliciously to manipulate the webpage or steal sensitive information.

How can developers prevent HTML Injection attacks in web applications? * 2/2

By escaping user input before displaying it on the webpage

By using strong passwords for user authentication

By encrypting all data transmitted between the client and the server

By disabling JavaScript in all input fields

Feedback

Explanation: Escaping user input helps prevent HTML Injection attacks by ensuring that any potentially dangerous characters are rendered harmless before being displayed on the webpage.

Which tag is used to create a numbered list in HTML? * 2/2

<li>

<ol>

<ul>

<dl>

Feedback

Explanation: The <ol> tag is used to create an ordered (numbered) list in HTML.

Which of the following is a common defense mechanism against HTML Injection attacks? * 2/2

Two-factor authentication

Captcha

HTTPS

Input validation

Feedback

Explanation: Input validation is a common defense mechanism against HTML Injection attacks. By validating and sanitizing user input, developers can ensure that only expected and safe data is accepted, reducing the risk of injection vulnerabilities.

Which HTML attribute specifies the alternative text for an image, if the image cannot be displayed? * 2/2

href

src

title

alt

Feedback

Explanation: The alt attribute in HTML specifies the alternative text for
an image, which is displayed if the image cannot be loaded or displayed
properly.

In HTML, what does the <a> tag represent? * 2/2

Animation

Anchor

Article

Audio

Feedback

Explanation: The <a> tag represents an anchor in HTML, commonly used to create hyperlinks.

Which HTML tag is used to define a hyperlink? * 2/2

<hyper>

<a>

<href>

<link>

Feedback

Explanation: The <a> tag is used to define a hyperlink in HTML.

Which attribute is used in HTML forms to specify where to send the form-data when a form is submitted? * 2/2

target

action

submit

method

Feedback

Explanation: The action attribute in HTML forms is used to specify where to send the form-data when the form is submitted.

Which HTML tag is commonly used to insert an image into a webpage? * 2/2

<picture>

<src>

<img>

<image>

Feedback

Explanation: The <img> tag is commonly used to insert images into a webpage. It is a self-closing tag and requires the src attribute to specify the image file's URL.

Which tag is used to create a line break in HTML? * 2/2

<hr>

<nl>

<lb>

<br>

Feedback

Explanation: The <br> tag is used to create a line break in HTML.

You're leading the cybersecurity response for a major e-commerce platform hit by HTML Injection attacks stealing payment info during checkout. Describe your plan: * 2/2

Halt transactions, investigate, notify customers, compensate, enhance security.

Downplay attacks, quietly fix vulnerabilities, minor security enhancements.

Acknowledge breaches, apologize, inform, engage authorities, enhance security.

Suspend checkout, notify customers, detect fraud, patch vulnerabilities, enhance security.

Feedback

Explanation: The option (Halt transactions........) outlines a comprehensive response plan, including suspending transactions, investigating, notifying customers, compensating for losses, and enhancing security measures.

What is the purpose of the <h1> tag in HTML? * 2/2

To insert an image

To define the main heading of a webpage

To create a horizontal rule

To italicize text

Feedback

Explanation: The <h1> tag is used to define the main heading of a webpage. It represents the highest level of heading and is typically the most important heading on the page.

Which HTML tag is used to define a paragraph? * 2/2

<pg>

<paragraph>

<para>

<p>

Feedback

Explanation: The <p> tag is used to define a paragraph in HTML.

What is the impact of a successful HTML Injection attack? * 0/2

The attacker can intercept sensitive data transmitted between the client and the server

The attacker gains unauthorized access to the server

The attacker can execute arbitrary code on the victim's browser

The website becomes temporarily unavailable

Correct answer

The attacker can execute arbitrary code on the victim's browser

Feedback

Explanation: A successful HTML Injection attack allows the attacker to inject and execute arbitrary code (typically JavaScript) on the victim's browser, leading to various malicious activities such as stealing cookies, redirecting users to phishing sites, or performing actions on behalf of the victim.

Clickjacking 20 of 30 points

Which HTTP header can be used to implement the framebusting technique? * 2/2

X-Frame-Options

Content-Security-Policy

Access-Control-Allow-Origin

Strict-Transport-Security

Feedback

Explanation: The X-Frame-Options HTTP header can be used to implement the framebusting technique, helping to prevent a webpage from being loaded inside a frame or iframe and mitigating Clickjacking attacks.

What is Clickjacking? * 0/2

A type of cyber attack where attackers steal sensitive information by intercepting mouse clicks.

A technique used to manipulate search engine rankings by artificially inflating website traffic.

A method of social engineering where attackers trick users into clicking on malicious links.

A type of web attack where attackers trick users into clicking on hidden or disguised buttons or links without their knowledge.

Correct answer

A type of web attack where attackers trick users into clicking on hidden or disguised buttons or links without their knowledge.

Feedback

Explanation: Clickjacking involves presenting a user interface that appears to be legitimate but is actually layered over another page or element. When the user interacts with the visible interface, they are actually interacting with the hidden or disguised elements, leading to unintended actions.

Which of the following techniques can help detect Clickjacking attacks by comparing the size and position of elements in the visible and invisible layers? * 2/2

Content Security Policy (CSP)

Framebusting

UI redressing

Automated testing frameworks

Feedback

Explanation: UI redressing involves comparing the size and position of elements in the visible and invisible layers to detect Clickjacking attacks. By analyzing discrepancies between the expected and actual layout of elements, UI redressing techniques can help identify potential Clickjacking attempts.

Which of the following is a common method to prevent Clickjacking attacks? * 2/2

Captcha

Two-factor authentication

Content Security Policy (CSP)

Encryption

Feedback

Explanation: Content Security Policy (CSP) is a common method used to prevent Clickjacking attacks. CSP allows websites to define where resources can be loaded from and can prevent unauthorized content from being embedded into a page, thus mitigating Clickjacking risks.

Which of the following is a potential risk of Clickjacking attacks? * 2/2

Unauthorized access to user credentials

Denial of Service (DoS) attacks

Phishing attacks

Cross-Site Scripting (XSS) attacks

Feedback

Explanation: Clickjacking attacks can lead to unauthorized access to user credentials by tricking users into interacting with hidden or disguised elements that perform actions without their knowledge.

What is the term for the technique used in Clickjacking attacks to make the hidden overlay transparent or invisible to the user? * 0/2

Overlaying

Transparency

Opacity

Concealment

Correct answer

Opacity

Feedback

Explanation: Opacity is adjusted to make the overlay appear invisible while still capturing user interactions, leading to Clickjacking.

Which of the following is a common example of Clickjacking? * 0/2

Clicking on a disguised button to download a malicious file

Being redirected to a fake login page after clicking on a legitimate link

Having a hidden iframe capture sensitive information entered on a website

Accidentally clicking on an advertisement while browsing the web

Correct answer

Clicking on a disguised button to download a malicious file

Feedback

Explanation: Clicking on a disguised button to download a malicious file is a common example of Clickjacking. In this scenario, the attacker overlays a legitimate-looking button with a hidden or transparent element that triggers the download of a malicious file when clicked.

You're investigating a sophisticated Clickjacking attack targeting a government agency's website. The attack resulted in unauthorized access to classified information. How would you trace the origin of the Clickjacking attack and identify the perpetrators? * 0/2

Analyze server logs for suspicious IP addresses and conduct reverse DNS lookups

Deploy honeypots to lure attackers and gather intelligence on their methods

Collaborate with international cybercrime agencies to track down the attackers

Implement advanced threat intelligence platforms to monitor underground forums for discussions related to the attack

Correct answer

Deploy honeypots to lure attackers and gather intelligence on their methods

Feedback

Explanation: Deploying honeypots can help lure attackers into interacting with deceptive elements designed to resemble legitimate targets. By analyzing the behavior and tactics of attackers interacting with the honeypots, cybersecurity professionals can gather valuable intelligence to trace the origin of the Clickjacking attack and identify the perpetrators.

Which HTML element is commonly used to create an invisible overlay in a Clickjacking attack? * 2/2

<iframe>

<p>

<a>

<img>

Feedback

Explanation: The <iframe> element is commonly used to create an invisible overlay in a Clickjacking attack. This overlay is placed over the legitimate content to deceive users into interacting with it unknowingly.

Which of the following is an alternative term for Clickjacking? * 2/2

UI redressing

Cross-site scripting (XSS)

Session hijacking

Cross-site request forgery (CSRF)

Feedback

Explanation: UI redressing is an alternative term for Clickjacking. Both terms refer to the technique of tricking users into interacting with hidden or disguised elements on a webpage, leading to unintended actions.

Which of the following is a potential challenge in implementing framebusting as a Clickjacking mitigation technique? * 2/2

Compatibility issues with older browsers

Limited effectiveness against sophisticated attackers

High computational overhead on the server-side

Incompatibility with Content Security Policy (CSP)

Feedback

Explanation: One potential challenge in implementing framebusting as a Clickjacking mitigation technique is compatibility issues with older browsers. Some older browsers may not fully support or implement framebusting techniques, which can lead to inconsistencies in protection across different browser versions.

Which of the following is a common technique used to prevent Clickjacking attacks? * 2/2

Implementing Captcha challenges

Using secure SSL/TLS encryption

Enforcing strong password policies

Implementing X-Frame-Options header

Feedback

Explanation: The X-Frame-Options header is a common technique used to prevent Clickjacking attacks. It allows webmasters to control whether their site can be loaded within a frame on another site, thus mitigating Clickjacking risks.

What is the purpose of the "framebusting" technique in preventing Clickjacking attacks? * 2/2

To break out of frames and display the content in a new window or tab

To prevent a webpage from being loaded inside a frame or iframe

To encrypt sensitive information transmitted over the internet

To validate user input and prevent injection attacks

Feedback

Explanation: The purpose of the "framebusting" technique is to prevent a webpage from being loaded inside a frame or iframe, thus mitigating Clickjacking attacks.

Which browser feature can help mitigate Clickjacking attacks by preventing pages from being loaded in iframes? * 2/2

Same-origin policy

Cross-origin resource sharing (CORS)

Cross-site request forgery (CSRF) tokens

Two-factor authentication (2FA)

Feedback

Explanation: The same-origin policy is a browser feature that can help mitigate Clickjacking attacks by preventing pages from being loaded in iframes unless they share the same origin (i.e., protocol, domain, and port) as the parent page. This restriction helps prevent unauthorized embedding of pages from different origins, reducing the risk of Clickjacking.

Which JavaScript function can be used to prevent Clickjacking by checking if a webpage is being loaded in a frame? * 0/2

window.parent.location.href

window.frameElement

window.top.location

window.self

Correct answer

window.top.location

Feedback

Explanation: The window.top.location JavaScript property can be used to prevent Clickjacking by checking if a webpage is being loaded in a frame. It returns the topmost window's location object, allowing scripts to access information about the URL of the current document.
