Question No : 1
How do you detect missing Forward Secrecy support?
Answer:
Explanation:
Question No : 2
How can you detect TLS downgrade attacks (e.g., FREAK, POODLE)?
Answer:
Explanation:
Question No : 3
How do you detect support for client-side renegotiation DoS vectors?
Answer:
Explanation:
Question No : 4
How do you test if HSTS (HTTP Strict Transport Security) is properly implemented?
Answer:
Explanation:
Question No : 5
How do you detect certificate transparency (CT) violations?
Answer:
Explanation:
Question No : 6
How do you validate the hostname in TLS certificates for mismatches?
Answer:
Explanation:
Question No : 7
How do you detect TLS certificate chain issues (e.g., incomplete chain)?
Answer:
Explanation:
Question No : 8
How do you identify support for insecure renegotiation in TLS?
Answer:
Explanation:
Question No : 9
How do you test if a server accepts TLS connections with weak key lengths?
Answer:
Explanation:
Question No : 10
How do you detect self-signed or expired TLS certificates?
Answer:
Explanation:
Question No : 11
How do you check for weak cipher suites using testssl.sh?
Answer:
Explanation:
Question No : 12
How do you verify the use of secure password hashing algorithms in a REST API-based app?
Answer:
Explanation:
Question No : 13
How do you determine whether login tokens expire properly after logout?
Answer:
Explanation:
Question No : 14
How do you identify credentials exposed in public repositories or configuration files?
Answer:
Explanation:
Question No : 15
How do you analyze the strength of a mobile app’s password policy?
Answer:
Explanation: