JavaScript MCQs – Security Best Practices

21.) What is the primary use of strict mode in JavaScript?

A) To optimize performance.
B) To enhance security by catching common coding errors.
C) To enforce HTTPS.
D) To prevent API misuse.

Answer: Option B

Explanation: Strict mode catches common coding mistakes, such as assignments to undeclared variables, helping developers write secure and reliable code.

22.) Which storage type is most vulnerable to XSS attacks?

A) localStorage
B) sessionStorage
C) cookies
D) cache

Answer: Option A

Explanation: localStorage is accessible via JavaScript, making it vulnerable to XSS attacks if proper precautions are not taken.

23.) What type of attack is prevented by using the X-Frame-Options header?

A) clickjacking
B) sniffing
C) phishing
D) injection

Answer: Option A

Explanation: The X-Frame-Options header protects against clickjacking by preventing the website from being loaded in iframes.

24.) What is a potential risk of using inline JavaScript?

A) Reduced performance.
B) Difficulty in debugging.
C) Exposure to XSS attacks.
D) Increased file size.

Answer: Option C

Explanation: Inline JavaScript is more vulnerable to XSS attacks as it can execute untrusted content injected into the page.

25.) How can developers avoid exposing sensitive information in source maps?

A) Disable source maps in production.
B) Use unminified files.
C) Store source maps in cookies.
D) Avoid debugging tools.

Answer: Option A

Explanation: Disabling source maps in production prevents exposing sensitive code details to attackers.

26.) Why is it important to set an expiration time for JWTs (JSON Web Tokens)?

A) To reduce server load.
B) To prevent unauthorized access after a specific time.
C) To improve token generation speed.
D) To simplify authentication.

Answer: Option B

Explanation: Setting expiration times ensures tokens become invalid after a specific period, reducing the risk of misuse.

27.) What is the purpose of a nonce attribute in a CSP?

A) To prevent HTTP requests.
B) To block all external scripts.
C) To encrypt inline scripts.
D) To allow specific inline scripts to execute securely.

Answer: Option D

Explanation: Nonces are unique tokens that allow only specific inline scripts to execute, mitigating XSS risks.
