OWASP Top 10 MCQ with Answers

by AAT Team · Updated August 5, 2023

OWASP is a non-profit organization that publishes the Top 10 categories of vulnerability types of web applications. This blog lists multiple-choice questions (MCQ) on OWASP Top 10. Solutions of MCQ are available at the end of the blog.

Table of Contents

• (1) Which of the category added newly in OWASP Top 10 2021?
• (2) What are the weaknesses included in Cryptographic Failures?
• (3) What are the weaknesses included in Software and Data Integrity Failures?
• (4) Which category of OWASP Top 10 broadly cover SolarWinds malicious update-related issue?
• (5) How to prevent Injection vulnerability in a web application?
• (6) What are the example attacks of Identification and Authentication Failures?
• (7) What are the weaknesses included in Security logging and monitoring?
• (8) Which category includes XSS in OWASP Top 10 2021?
• (9) Which category includes Insecure Deserialization in OWASP Top 10 2021?
• (10) Reusing a Nonce, Key Pair in Encryption cover in which category of OWASP Top 10 2021?

(1) Which of the category added newly in OWASP Top 10 2021?

(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Server-Side Request Forgery (SSRF)

(2) What are the weaknesses included in Cryptographic Failures?

(A) Use of Hard-coded Password
(B) Broken or Risky Crypto Algorithm
(C) SQL Injection
(D) Insufficient Entropy

(3) What are the weaknesses included in Software and Data Integrity Failures?

(A) Download of Code Without Integrity Check
(B) Insufficient Entropy
(C) Deserialization of Untrusted Data
(D) Broken or Risky Crypto Algorithm

(4) Which category of OWASP Top 10 broadly cover SolarWinds malicious update-related issue?

(A) Identification and Authentication Failures
(B) Software and Data Integrity Failures
(C) Server-Side Request Forgery
(D) Security Logging and Monitoring Failures

(5) How to prevent Injection vulnerability in a web application?

(A) Use Security Headers
(B) Use of safe API
(C) Use HTTPS/TLS protocol
(D) Input validation

(6) What are the example attacks of Identification and Authentication Failures?

(A) CSRF
(B) Use of Credential Stuffing
(C) Exploiting third party component
(D) Retrieve credit card numbers by exploiting SQL Injection flaw

(7) What are the weaknesses included in Security logging and monitoring?

(A) Omission of Security-relevant Information
(B) SQL Injection
(C) Insufficient Entropy
(D) Insertion of Sensitive Information into Log File

(8) Which category includes XSS in OWASP Top 10 2021?

(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Injection

(9) Which category includes Insecure Deserialization in OWASP Top 10 2021?

(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Injection

(10) Reusing a Nonce, Key Pair in Encryption cover in which category of OWASP Top 10 2021?

(A) Broken Access Control
(B) Insecure Design
(C) Software and Data Integrity Failure
(D) Cryptographic Failure

Solutions:

(1) B, C, D

(2) A, B, D

(3) A, C

(4) B

(5) B, D

(6) B

(7) A, D

(8) D

(9) C

(10) D

Related

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

• 

  Palo Alto DNS Security

  November 5, 2020

   by AAT Team · Updated November 9, 2022

• 

  12 iOS Application Security Testing Tools

  May 24, 2021

   by AAT Team · Updated November 17, 2022

• 

  Lynis: Free Nessus Alternative Tool

  November 2, 2020

   by AAT Team · Updated November 13, 2022