SANS SEC522: Application Security: Securing Web Apps, APIs, and Microservices
1: Which of the following is a key difference between HTTP/1.1 and HTTP/2?
A. HTTP/2 uses TCP, while HTTP/1.1 uses UDP.
B. HTTP/2 supports multiplexing multiple requests over a single connection.
C. HTTP/1.1 supports binary framing, whereas HTTP/2 uses plain text.
D. HTTP/2 does not support server push.
Correct Answer: B
Explanation: HTTP/2 introduces multiplexing, allowing multiple requests and responses to be sent simultaneously over a single TCP connection, improving performance compared to HTTP/1.1, which requires separate connections for concurrent requests.

2: Which authentication method involves the use of tokens that are issued by a server upon successful login?
A. Basic Authentication
B. Token-Based Authentication
C. Digest Authentication
D. Form-Based Authentication
Correct Answer: B
Explanation: Token-Based Authentication involves the server issuing a token upon successful login, which the client includes in subsequent requests to authenticate itself.

3: In a typical three-tier web application architecture, which layer is responsible for interacting directly with the database?
A. Presentation Layer
B. Business Logic Layer
C. Data Access Layer
D. Client Layer
Correct Answer: C
Explanation: The Data Access Layer in a three-tier architecture is responsible for interacting directly with the database, handling data retrieval and storage.

4: Which of the following is a recent trend in web application attacks?
A. SQL Injection
B. Cross-Site Scripting (XSS)
C. Server-Side Request Forgery (SSRF)
D. Buffer Overflow
Correct Answer: C
Explanation: While SQL Injection and XSS are long-standing attack vectors, SSRF has become a more recent trend, allowing attackers to make unauthorized requests from the server.

5: What is the primary function of a Web Application Firewall (WAF)?
A. To prevent unauthorized physical access to the server
B. To filter and monitor HTTP traffic between a web application and the Internet
C. To manage database connections securely
D. To handle load balancing for web applications
Correct Answer: B
Explanation: A Web Application Firewall (WAF) filters, monitors, and blocks HTTP traffic to and from a web application to protect against various attacks like SQL injection, XSS, and others.

6: Which HTTP method is typically used to retrieve data without causing any side effects on the server?
A. POST
B. PUT
C. GET
D. DELETE
Correct Answer: C
Explanation: The GET method is used to retrieve data from the server without making any changes, making it idempotent and safe.

7: In the context of web application security, what does "environment isolation" refer to?
A. Using separate physical servers for development and production
B. Ensuring that different environments (development, testing, production) are separated to prevent unauthorized access and potential leaks
C. Isolating the user interface from the backend logic
D. Using different programming languages for different layers of the application
Correct Answer: B
Explanation: Environment isolation involves separating development, testing, and production environments to prevent unauthorized access and potential leaks of sensitive data or configurations.

8: Which of the following is NOT a component of the HTTP protocol?
A. Request Line
B. Headers
C. Body
D. Encrypted Payload
Correct Answer: D
Explanation: The HTTP protocol includes the request line, headers, and optionally a body. Encrypted payloads are part of HTTPS, which is HTTP over TLS, but encryption is not a component of HTTP itself.

9: Which authentication technology uses certificates to verify the identity of a user or device?
A. OAuth
B. SAML
C. Mutual TLS (mTLS)
D. OpenID Connect
Correct Answer: C
Explanation: Mutual TLS (mTLS) uses certificates for both client and server to verify each other's identities, providing strong authentication based on certificates.

10: What is the main advantage of using HTTP/3 over its predecessors?
A. It uses UDP instead of TCP for faster connection establishment.
B. It is a text-based protocol, making it easier to read.
C. It does not require encryption.
D. It is backward compatible with HTTP/1.1.
Correct Answer: A
Explanation: HTTP/3 uses QUIC, which is based on UDP, allowing for faster connection establishment and improved performance over high-latency networks.

11: Which HTTP status code indicates that the request was successful and a new resource was created?
A. 200 OK
B. 201 Created