CWE: Understanding Software Weaknesses

Uploaded by

Klaus

1. What does CWE stand for?

• A) Common Web Exploits

• B) Common Weakness Enumeration

• C) Critical Web Exposure

• D) Common Web Exposures

Answer: B) Common Weakness Enumeration

2. What is the purpose of CWE?

• A) To categorize common vulnerabilities based on their severity

• B) To provide a framework for identifying and understanding software weaknesses

• C) To assign a CVSS score to each vulnerability

• D) To create patches for identified vulnerabilities

Answer: B) To provide a framework for identifying and understanding software weaknesses

3. Which organization manages the CWE initiative?

• A) NIST (National Institute of Standards and Technology)

• B) MITRE Corporation

• C) Open Web Application Security Project (OWASP)

• D) ISO/IEC

Answer: B) MITRE Corporation

4. Which of the following is a key focus of the CWE list?

• A) Providing CVE IDs for vulnerabilities

• B) Identifying coding errors that can lead to vulnerabilities

• C) Identifying attack vectors

• D) Offering solutions for patching vulnerabilities

Answer: B) Identifying coding errors that can lead to vulnerabilities

5. Which of the following is an example of a CWE weakness?

• A) Buffer Overflow

• B) SQL Injection

• C) Cross-Site Scripting (XSS)

• D) All of the above

Answer: D) All of the above

6. How are weaknesses categorized in CWE?

• A) By software type (e.g., Web apps, mobile apps)

• B) By severity level (e.g., Critical, High, Medium, Low)

• C) By their underlying cause, such as coding flaws or design issues

• D) By the number of exploits reported

Answer: C) By their underlying cause, such as coding flaws or design issues

7. What type of weaknesses does CWE primarily focus on?

• A) Network vulnerabilities

• B) Configuration errors in hardware

• C) Software-related vulnerabilities caused by design or coding flaws

• D) Hardware vulnerabilities

Answer: C) Software-related vulnerabilities caused by design or coding flaws

8. Which of the following is a typical example of a CWE weakness code?

• A) CWE-79

• B) CWE-352

• C) CWE-120

• D) All of the above

Answer: D) All of the above

9. How can organizations use the CWE list?

• A) To prioritize security efforts and reduce risk by addressing common weaknesses

• B) To report security breaches to the authorities

• C) To request patches for vulnerabilities

• D) To monitor active cyberattacks

Answer: A) To prioritize security efforts and reduce risk by addressing common weaknesses

10. Which of the following weaknesses is categorized under CWE?

• A) Insufficient Input Validation

• B) Hardcoded Passwords

• C) Insecure Cryptographic Storage

• D) All of the above

Answer: D) All of the above

11. What is the purpose of CWE-89 (SQL Injection)?

• A) To demonstrate insecure access control practices

• B) To describe vulnerabilities caused by improper input validation in SQL queries

• C) To show how buffer overflows work

• D) To highlight issues in web browser security

Answer: B) To describe vulnerabilities caused by improper input validation in SQL queries

12. Which of the following is NOT a common weakness found in the CWE list?

• A) Lack of proper authentication

• B) Unvalidated redirects and forwards

• C) Missing comments in code

• D) Cross-Site Scripting (XSS)

Answer: C) Missing comments in code

13. How are weaknesses in CWE typically addressed?

• A) By implementing security testing and applying secure coding practices

• B) By installing antivirus software

• C) By changing software vendors

• D) By blocking all incoming network traffic

Answer: A) By implementing security testing and applying secure coding practices

14. Which of the following describes a "race condition" as per CWE?

• A) A situation where software improperly handles multiple threads or processes, causing vulnerabilities

• B) A flaw caused by the failure to secure the database

• C) A situation where a malicious user gains admin access through weak passwords

• D) A vulnerability due to missing encryption

Answer: A) A situation where software improperly handles multiple threads or processes, causing vulnerabilities

15. Which of the following best describes CWE-120 (Buffer Copy without Checking Size of Input)?

• A) A vulnerability that occurs when data is copied into a buffer without checking the length of the input, potentially leading to buffer overflow

• B) A situation where data is exposed due to improper encryption

• C) An issue where an application fails to sanitize input, leading to SQL injection

• D) A flaw in encryption algorithms

Answer: A) A vulnerability that occurs when data is copied into a buffer without checking the length of the input, potentially leading to buffer overflow
