EXAMINATION TEST 2026 FULL QUESTIONS AND ACCURATE SOLUTIONS GRADED A+
⩥ Discretionary Access Control (DAC). Answer: Model of access
control based on access being determined by the owner of the resource
in question
Example:
A user who creates a network share and sets permissions on that share
⩥ Mandatory Access Control (MAC). Answer: Model of access control
in which the owner of the resource does not get to decide who gets to
access it, but instead access is decided by a group or individual who has
the authority to set access on resources
⩥ Role-Based Access Control (RBAC). Answer: Model of access
control that is set by an authority responsible for doing so, rather than by
the owner of the resource.
⩥ Attribute-based Access Control (ABAC). Answer: Model of access
control that is, logically, based on attributes from a particular person, of
a resource, or of an environment.
Example:
A VPN connection is set to time out after a certain period
⩥ Multilevel Access Control. Answer: An access control model that
includes many tiers of security and is used extensively by military and
government organizations and those that handle data of a very sensitive
nature
⩥ Confused Deputy Problem. Answer: A type of attack that is common
in systems that use ACLs rather than capabilities. The crux of the
confused deputy problem is seen when the software with access to a
resource has a greater level of permission to access the resource than the
user who is controlling the software.
If we, as the user, can trick the software into misusing its greater level of
authority, we can potentially carry out an attack
⩥ Client-side Attacks. Answer: Attacks that take advantage of
weaknesses in applications that are running on the computer being
operated directly by the user. These attacks can take the form of code
sent through the Web browser, which is then executed on the local
machine, malformed PDF files, images or videos with attack code
embedded, or other forms
⩥ Cross-Site Request Forgery (CSRF or XSRF). Answer: An attack that
misuses the authority of the browser on the user's computer. If the
attacker knows of, or can guess, a Web site to which the user might
already be authenticated, perhaps a very common site such as
Amazon.com, they can attempt to carry out a CSRF attack [2]. They can
do this by embedding a link in a Web page or HTML-based e-mail,
generally a link to an image from the site to which they wish to direct
the user without their knowledge. When the application attempts to
retrieve the image in the link, it also executes the additional commands
the attacker has embedded in it.
⩥ Clickjacking (User Interface Redressing). Answer: A client-side attack
that involves the attacker placing an invisible layer over something on a
website that the user would normally click on, in order to execute a
command differing from what the user thinks they are performing.
⩥ Accountability. Answer: Identification, Authentication, Authorization,
and Access.
⩥ Nonrepudiation. Answer: A situation in which sufficient evidence
exists as to prevent an individual from successfully denying that he or
she has made a statement, or taken an action
⩥ Intrusion Detection. Answer: Monitors and reports malicious events
⩥ Intrusion Prevention. Answer: Alarms and takes actions when
malicious events occur