1. Which of the following options is the top 1 web application security risk based on OWASP 2017 report?

A) XSS Attack
B) Server Information Theft
C) Code Execution
D) SQL Injection



2. Which of the following methods CANNOT increase account security?

A) Strong password policies
B) Periodically reset the user login passwords
C) Adhere to the minimum authorization principle
D) Unite user management, permission management and resource management into a single management process



3. Which of the following 2 security risks are not included in OWASP published 2017 Top 10 Web Application Security Risks(Select 2answers)

A) Cross-Site Request Forgery(CSRF)
B) Injection
C) Cross-Site Scripting(XSS)
D) Unvalidated Redirects and Forwards



4. Security risk may caused by 'Cloud platform', 'ISV' or 'End user', which of the following options are the possible risks may caused by Cloud Platform?(Select 3answers)

A) Software development cycel is not formalized
B) Security system overall solutions are not complete
C) Administration tools on Cloud Platform may have some flaws
D) Cloud platform console and API may lack of security hardenning



5. Regarding the 'Shared Security Responsibilities' on Alibaba Cloud, which of the following options are the responsibilities Cloud user need to take care of ?(Select 3answers)

A) Data security inside ECS
B) Physical servers water proof
C) Application vulnerabilities
D) ECS network configuration