1. What is a common web application attack?
______.
SQL Injection.
a) Screen glare. (Bildschirmblendung.)
b) SQL Injection. (SQL-Injection.)
c) Battery overheating. (Akkuüberhitzung.)
2. What does HTTPS provide for web users?
______.
Encrypted communication between browser and server.
a) Encrypted communication between browser and server. (Verschlüsselte Kommunikation zwischen Browser und Server.)
b) Faster internet speed automatically. (Automatisch schnelleres Internet.)
c) Unlimited storage space. (Unbegrenzter Speicherplatz.)
3. What is Cross-Site Scripting (XSS)?
______.
Injecting malicious scripts into web pages.
a) Injecting malicious scripts into web pages. (Bösartige Skripte in Webseiten einschleusen.)
b) Increasing page loading speed. (Seitenladezeit erhöhen.)
c) Compressing images automatically. (Bilder automatisch komprimieren.)
4. Why is input validation important in web apps?
______.
It helps prevent malicious data from being processed.
a) It helps prevent malicious data from being processed. (Es verhindert die Verarbeitung bösartiger Daten.)
b) It improves website colors. (Es verbessert Website-Farben.)
c) It increases screen resolution. (Es erhöht die Bildschirmauflösung.)
5. What does authentication ensure?
______.
Users are who they claim to be.
a) Pages load faster. (Seiten laden schneller.)
b) Users are who they claim to be. (Nutzer sind, wer sie vorgeben zu sein.)
c) Servers never fail. (Server fallen nie aus.)
6. What is authorization in web security?
______.
Controlling what authenticated users can access.
a) Controlling what authenticated users can access. (Steuern, worauf authentifizierte Nutzer zugreifen dürfen.)
b) Increasing internet bandwidth. (Internetbandbreite erhöhen.)
c) Turning off encryption. (Verschlüsselung ausschalten.)
7. What does a Web Application Firewall (WAF) do?
______.
Filters malicious web traffic.
a) Filters malicious web traffic. (Filtert bösartigen Webverkehr.)
b) Improves monitor brightness. (Verbessert Monitorhelligkeit.)
c) Increases keyboard speed. (Erhöht Tastaturgeschwindigkeit.)
8. What is Cross-Site Request Forgery (CSRF)?
______.
Tricking users into performing unwanted actions.
a) Increasing page design complexity. (Design komplexer machen.)
b) Tricking users into performing unwanted actions. (Nutzer zu unerwünschten Aktionen verleiten.)
c) Encrypting images automatically. (Bilder automatisch verschlüsseln.)
9. Why are strong session cookies important?
______.
They help prevent session hijacking.
a) They help prevent session hijacking. (Sie helfen, Sitzungsübernahmen zu verhindern.)
b) They increase screen size. (Sie vergrößern den Bildschirm.)
c) They improve Wi-Fi range. (Sie verbessern WLAN-Reichweite.)
10. What is the purpose of security headers?
______.
They enforce browser security protections.
a) They enforce browser security protections. (Sie erzwingen Browser-Sicherheitsmaßnahmen.)
b) They make websites colorful. (Sie machen Websites farbig.)
c) They increase download speed. (Sie erhöhen Downloadgeschwindigkeit.)
11. What is a strong password storage method?
______.
Hashing with salt.
a) Saving passwords in plain text. (Passwörter im Klartext speichern.)
b) Hashing with salt. (Hashing mit Salt.)
c) Writing passwords in logs. (Passwörter in Logs schreiben.)
12. Why should error messages be generic?
______.
Detailed errors may reveal system information.
a) Detailed errors may reveal system information. (Detaillierte Fehler können Systeminfos preisgeben.)
b) They make pages slower. (Sie machen Seiten langsamer.)
c) They remove user accounts. (Sie löschen Nutzerkonten.)
13. What is the purpose of rate limiting?
______.
Prevent brute-force and abuse attacks.
a) Prevent brute-force and abuse attacks. (Brute-Force und Missbrauch verhindern.)
b) Increase page design quality. (Designqualität erhöhen.)
c) Improve image resolution. (Bildauflösung verbessern.)
14. What is the goal of secure API authentication?
______.
Ensure only authorized systems access APIs.
a) Ensure only authorized systems access APIs. (Nur autorisierte Systeme greifen auf APIs zu.)
b) Increase server temperature. (Servertemperatur erhöhen.)
c) Reduce database storage. (Datenbankspeicher reduzieren.)
15. Why use Content Security Policy (CSP)?
______.
Reduce the risk of XSS attacks.
a) Improve screen brightness. (Bildschirmhelligkeit verbessern.)
b) Reduce the risk of XSS attacks. (Risiko von XSS reduzieren.)
c) Increase keyboard speed. (Tastaturgeschwindigkeit erhöhen.)
16. What is secure file upload validation?
______.
Checking file type, size, and content before accepting uploads.
a) Checking file type, size, and content before accepting uploads. (Dateityp, Größe und Inhalt vor Upload prüfen.)
b) Allowing all file uploads automatically. (Alle Uploads automatisch erlauben.)
c) Disabling antivirus scanning. (Antivirus deaktivieren.)
17. What is clickjacking protection?
______.
Preventing hidden malicious UI overlays.
a) Preventing hidden malicious UI overlays. (Verhindert versteckte bösartige UI-Überlagerungen.)
b) Increasing image resolution. (Bildauflösung erhöhen.)
c) Reducing CPU usage. (CPU-Nutzung reduzieren.)
18. Why use strong access control?
______.
Ensure users access only permitted resources.
a) Improve screen color. (Bildschirmfarbe verbessern.)
b) Ensure users access only permitted resources. (Zugriff nur auf erlaubte Ressourcen sicherstellen.)
c) Increase storage size. (Speicher vergrößern.)
19. What is the purpose of vulnerability scanning?
______.
Identify security weaknesses in applications.
a) Identify security weaknesses in applications. (Sicherheitslücken in Anwendungen erkennen.)
b) Increase page load time. (Ladezeit erhöhen.)
c) Improve font size. (Schriftgröße verbessern.)
20. Why use secure cookies (HttpOnly, Secure)?
______.
Protect session cookies from theft.
a) Protect session cookies from theft. (Session-Cookies vor Diebstahl schützen.)
b) Increase page brightness. (Seitenhelligkeit erhöhen.)
c) Disable login pages. (Loginseiten deaktivieren.)
21. What is the role of logging and monitoring?
______.
Detect suspicious activity and incidents.
a) Detect suspicious activity and incidents. (Verdächtige Aktivitäten erkennen.)
b) Increase storage automatically. (Speicher automatisch erhöhen.)
c) Remove user accounts. (Nutzerkonten entfernen.)
22. Why implement account lockout policies?
______.
Reduce brute-force login attempts.
a) Improve website colors. (Websitefarben verbessern.)
b) Reduce brute-force login attempts. (Brute-Force-Loginversuche reduzieren.)
c) Increase internet speed. (Internetgeschwindigkeit erhöhen.)
23. What is secure configuration management?
______.
Ensuring servers and apps use hardened settings.
a) Ensuring servers and apps use hardened settings. (Sichere Server- und App-Konfigurationen sicherstellen.)
b) Changing website logos weekly. (Logos wöchentlich ändern.)
c) Increasing file sizes. (Dateigrößen erhöhen.)
24. What is the purpose of penetration testing?
______.
Simulate attacks to identify weaknesses.
a) Increase server temperature. (Servertemperatur erhöhen.)
b) Simulate attacks to identify weaknesses. (Angriffe simulieren, um Schwachstellen zu finden.)
c) Improve website fonts. (Schriftarten verbessern.)
25. What is the main goal of web application security?
______.
Protect web apps and user data from attacks.
a) Improve page animations. (Animationen verbessern.)
b) Protect web apps and user data from attacks. (Webanwendungen und Nutzerdaten vor Angriffen schützen.)
c) Increase screen resolution. (Bildschirmauflösung erhöhen.)