Comptia Security +: Domain4 Application Security
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but you will find it reinforces your understanding each time you retake the test.
1. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
address resolution protocol
cross-site scripting
vulnerability identification
digitally signed java control
2. Can filter out most buffer overflow attacks
application gateways
tracking cookie
presentation
application
3. OSI layer responsible for end-to-end connections and reliability (e.g. TCP)
transport
buffer overflow
session cookie
data link
4. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
stack
data link
physical
security objective definition - application review - application decomposition - threat identification - vulnerability identification
5. COTS stands for
commercial off-the-shelf
cookie attacks
XSS
session cookie
6. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
cookie poisoning
address resolution protocol
P2P
7. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
P2P
cookie attacks
Application - Presentation - Session - Transport - Network - Data Link - Physical
threat modeling
8. Used to record a user's web activity - may be downloaded in the background
tracking cookie
cookie hijacking
packet sniffer
physical
9. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cookie attacks
data link
P2P
security objective definition
10. Cause of open SMTP relays
ARP spoofing
zones
misconfigured mail server
P2P
11. The unauthorized modification of the data stored within a cookie
open mail relay
cross-site scripting
cookie poisoning
XSS
12. A named collection of Web sites that can be assigned a specific security level
network
zones
P2P
data link
13. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
zones
javascript
heap
14. Three main cookie types
peer to peer
java
session - persistent - tracking
application decomposition
15. A Microsoft-created technology that enables software applications to share and reuse software components - may be used to access files on the local system or the system registry
ActiveX
network
application
persistent cookie
16. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
stored XSS
digitally signed java control
presentation
peer to peer
17. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
transport
open mail relay
cookies
Internet - Local Intranet - Trusted Sites - Restricted Sites
18. Protocols used in this layer (e.g. ARP)
buffer overflow
security objective definition
data link
XSS
19. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
XSS
peer to peer
stack and heap
20. Categories of XSS
reflected and stored
application layer
javascript
digitally signed java control
21. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
misconfigured mail server
IM
vbscript and jscript
cookies
22. P2P stands for...
IM
application
session cookie
peer to peer
23. OSI layer 2 - verifies that the link between two devices is intact (i.e. physical addressing)
cross-site scripting
data link
application
network
24. Deleted when the user closes their web browser - can contain authentication-related information
application layer
peer to peer
cookie leaking
session cookie
25. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
application layer
open mail relay
threat identification
physical
26. Protocols used in this layer (e.g. IP)
P2P
network
java
Internet - Local Intranet - Trusted Sites - Restricted Sites
27. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
digitally signed java control
drive by download
presentation
data link
28. Used by java to verify the code for a list of predetermined insecurities
network
bytecode verifier
Application - Presentation - Session - Transport - Network - Data Link - Physical
cookie hijacking
29. Area of memory where function call frames (return addresses and local variables) are stored
peer to peer
cookie poisoning
stack
reflected XSS
30. A scripting language - developed by Netscape to perform client-side web development
heap
network
transport
javascript
31. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
physical
sandboxing
application
application layer
32. OSI layer that provides transparent transfer of data between end users
input validation criteria
data link
session
transport
33. Threats to the defined security objectives are identified using knowledge gained during application decomposition in this phase of threat modeling
session
IM
misconfigured mail server
threat identification
34. Sensitive information stored within a cookie that is obtained by unauthorized users
vulnerability identification
network
sandboxing
cookie leaking
35. Protocols in this layer (e.g. NNTP)
stack and heap
reflected XSS
application
cookie hijacking
36. OSI layer that relates to the physical connection of two devices (e.g. RS-232)
physical
cookie leaking
bytecode verifier
ARP spoofing
37. Area of the memory where dynamically allocated variables are stored
XSS attacks
heap
threat identification
bytecode verifier
38. Setting the cookie Secure flag, avoiding storing sensitive data in cookies and blocking third-party cookies help prevent ______
packet sniffer
cookie attacks
cookie hijacking
cookie poisoning
39. An attack that occurs when malicious code is injected into a web site, where it is downloaded and executed by other users' browsers
cross-site scripting
application
XSS
open mail relay
40. Can leave the sandbox and obtain access to client resources
cookie leaking
digitally signed java control
network
threat modeling
41. ARP stands for...
address resolution protocol
threat modeling
application review
P2P
42. Process to identify and assess a system's security risks
physical
session
threat modeling
transport
43. OSI layer that provides interhost communication (e.g. Named Pipes)
threat identification
session
persistent cookie
ActiveX
44. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
presentation
tracking cookie
data link
45. Type - length - format - range
application
input validation criteria
java
cookie hijacking
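The four criteria in the item above (type, length, format, range) are easiest to see applied to one concrete field. The following is an added example, not part of the quiz: it validates a TCP/UDP port supplied as text, one criterion per check, and puts a naive atoi() version beside it to show exactly what each check catches. The function names (naive_port, validate_port, check_port) and the sample inputs are constructed for this illustration.

```c
/* Added example (not part of the quiz): validating a port number supplied
 * as text against the four criteria, with a naive atoi() version beside it
 * to show what each check catches. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum {
    PORT_VALID = 0,
    PORT_BAD_LENGTH,   /* empty, or more characters than 65535 needs */
    PORT_BAD_TYPE,     /* a character that is not a decimal digit */
    PORT_BAD_FORMAT,   /* digits only, but a leading zero such as "0080" */
    PORT_BAD_RANGE     /* a number, but outside 1..65535 */
} port_result;

/* Weak version: atoi() stops at the first non-digit and has no range check,
 * so "80abc" becomes 80 and "70000" is accepted as-is. */
static int naive_port(const char *s) {
    return atoi(s);
}

/* Hardened version: check length, type, format and range in that order.
 * On PORT_VALID, *port receives the parsed value; otherwise it is untouched. */
static port_result validate_port(const char *s, unsigned *port) {
    size_t len = strlen(s);
    if (len == 0 || len > 5) return PORT_BAD_LENGTH;        /* length */
    for (size_t i = 0; i < len; i++) {                      /* type */
        if (!isdigit((unsigned char)s[i])) return PORT_BAD_TYPE;
    }
    if (len > 1 && s[0] == '0') return PORT_BAD_FORMAT;     /* format */
    unsigned v = 0;                                         /* at most 99999: no overflow */
    for (size_t i = 0; i < len; i++) v = v * 10 + (unsigned)(s[i] - '0');
    if (v < 1 || v > 65535) return PORT_BAD_RANGE;          /* range */
    *port = v;
    return PORT_VALID;
}

/* Convenience wrapper for callers that only need the verdict. */
static port_result check_port(const char *s) {
    unsigned value = 0;
    return validate_port(s, &value);
}

int main(void) {
    /* Constructed inputs, one per outcome. */
    const char *samples[] = { "443", "", "123456", "80abc", "0080", "70000", "0" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned port = 0;
        port_result r = validate_port(samples[i], &port);
        printf("%-7s naive=%-6d strict=%d%s\n", samples[i], naive_port(samples[i]),
               (int)r, r == PORT_VALID ? " (accepted)" : " (rejected)");
    }
    return 0;
}
```

The order of the checks matters: length first bounds the work done on hostile input, type before range guarantees the digit loop cannot overflow, and rejecting "0080" as a format error avoids ambiguity over whether a leading zero means octal.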
46. OSI layer responsible for data representation and encryption (e.g. MIME)
peer to peer
presentation
network
cookie hijacking
47. OSI layer that establishes - manages and terminates the connections between the local and remote application
peer to peer
application gateways
session
misconfigured mail server
48. Two types of buffer overflows
data link
address resolution protocol
ActiveX
stack and heap
49. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
stored XSS
data link
open mail relay
presentation
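Items 20, 39 and 49 describe stored and reflected XSS in words; the mechanism is clearer when the same untrusted comment is rendered into HTML two ways. The following is an added example, not part of the quiz: the unsafe path interpolates the stored text verbatim, so injected markup reaches every visitor's browser, while the safe path entity-encodes the characters that let text break out of an HTML text or attribute context. The function names (html_escape, render_comment, rendered_contains) and the payload are constructed for this illustration.

```c
/* Added example (not part of the quiz): rendering an untrusted comment into
 * HTML two ways. The unsafe path interpolates the stored text verbatim; the
 * safe path entity-encodes & < > " ' before interpolating. */
#include <stdio.h>
#include <string.h>

/* Replace & < > " ' with HTML entities. Writes a NUL-terminated result of at
 * most out_size bytes, truncating only on entity boundaries, and returns the
 * length the full result needs (snprintf-style) so callers can detect
 * truncation. */
static size_t html_escape(const char *in, char *out, size_t out_size) {
    size_t need = 0, written = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#x27;"; break;
            default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        need += rl;
        if (out_size > 0 && written + rl < out_size) {   /* keep room for the NUL */
            memcpy(out + written, rep, rl);
            written += rl;
        }
    }
    if (out_size > 0) out[written] = '\0';
    return need;
}

/* Render a stored comment into a <p>. escape == 0 is the vulnerable path.
 * Returns 0, or -1 if an output buffer was too small. */
static int render_comment(const char *comment, int escape, char *out, size_t out_size) {
    char safe[512];
    const char *body = comment;
    if (escape) {
        if (html_escape(comment, safe, sizeof safe) >= sizeof safe) return -1;
        body = safe;
    }
    int n = snprintf(out, out_size, "<p class=\"comment\">%s</p>", body);
    return (n < 0 || (size_t)n >= out_size) ? -1 : 0;
}

/* 1 if rendering `comment` (escaped or not) yields a page containing
 * `needle`, 0 otherwise. Lets the two paths be compared directly. */
static int rendered_contains(const char *comment, int escape, const char *needle) {
    char page[1024];
    if (render_comment(comment, escape, page, sizeof page) != 0) return 0;
    return strstr(page, needle) != NULL;
}

int main(void) {
    /* Constructed payload of the kind an attacker stores in a comment field. */
    const char *payload = "<script>alert(document.cookie)</script>";
    char page[1024];

    render_comment(payload, 0, page, sizeof page);
    printf("unsafe: %s\n", page);      /* browser runs the script */
    render_comment(payload, 1, page, sizeof page);
    printf("safe:   %s\n", page);      /* browser shows the text */
    return 0;
}
```

Stored and reflected XSS differ only in where the payload comes from (a database record versus the current request); the rendering step, and therefore the fix, is the same. Encoding at output time for the context the data lands in is what removes the vulnerability; filtering on input alone does not.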
50. More data is written into a buffer than it was designed to hold - can be triggered deliberately by an attacker to run malicious code
application
application
physical
buffer overflow
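Items 29, 37, 48 and 50 define the stack, the heap and the overflow itself. The following is an added example, not part of the quiz: it models a stack frame as one byte array holding an 8-byte buffer followed by a 32-bit flag, and shows that an unbounded strcpy()-style copy of a 9-byte input overwrites the flag while a bounded copy rejects the input. The frame is a plain array so the demonstration stays well-defined C; overrunning a real char[8] is undefined behaviour, and the same unbounded copy into a malloc()'d block is the heap variant. The function names (frame_init, copy_unbounded, copy_bounded and friends) and the inputs are constructed for this illustration.

```c
/* Added example (not part of the quiz): a stack-frame model showing how an
 * unbounded copy into a fixed-size buffer overwrites the data next to it,
 * and how a bounded copy prevents it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    8            /* the buffer: frame bytes 0..7 */
#define FLAG_OFFSET BUF_SIZE     /* a 32-bit flag right after it: bytes 8..11 */
#define FRAME_SIZE  16

/* Model a frame: small char buffer followed by a value the attacker must
 * not control (think "is_admin", or a saved return address). */
static void frame_init(unsigned char frame[FRAME_SIZE]) {
    uint32_t flag = 0;                        /* 0 = not privileged */
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + FLAG_OFFSET, &flag, sizeof flag);
}

static uint32_t frame_flag(const unsigned char frame[FRAME_SIZE]) {
    uint32_t flag;
    memcpy(&flag, frame + FLAG_OFFSET, sizeof flag);
    return flag;
}

/* Vulnerable: copies everything the caller supplies, strcpy()-style.
 * The clamp to FRAME_SIZE only keeps this demo well-defined; a real
 * strcpy() keeps writing past the frame. */
static void copy_unbounded(unsigned char frame[FRAME_SIZE], const char *input) {
    size_t n = strlen(input) + 1;             /* includes the NUL */
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame, input, n);
}

/* Hardened: reject input that does not fit in BUF_SIZE-1 characters plus
 * NUL. Returns 0 on success, -1 when the input is rejected untouched. */
static int copy_bounded(unsigned char frame[FRAME_SIZE], const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_SIZE) return -1;             /* refuse, do not silently truncate */
    memcpy(frame, input, n);
    frame[n] = '\0';
    return 0;
}

/* Flag value after the unbounded copy of `input` into a fresh frame. */
static uint32_t flag_after_unbounded(const char *input) {
    unsigned char frame[FRAME_SIZE];
    frame_init(frame);
    copy_unbounded(frame, input);
    return frame_flag(frame);
}

/* Flag value after the bounded copy (stays 0 whenever the input is rejected). */
static uint32_t flag_after_bounded(const char *input) {
    unsigned char frame[FRAME_SIZE];
    frame_init(frame);
    (void)copy_bounded(frame, input);
    return frame_flag(frame);
}

/* 1 if the bounded copy rejects `input`, 0 if it accepts it. */
static int bounded_rejects(const char *input) {
    unsigned char frame[FRAME_SIZE];
    frame_init(frame);
    return copy_bounded(frame, input) == -1;
}

int main(void) {
    /* Constructed inputs: "alice" fits; the second fills all 8 buffer bytes
     * and its 9th byte (0x01) lands on the flag. */
    const char *ok   = "alice";
    const char *evil = "AAAAAAAA\x01";

    printf("unbounded, benign  : flag=%u\n", (unsigned)flag_after_unbounded(ok));
    printf("unbounded, overflow: flag=%u\n", (unsigned)flag_after_unbounded(evil));
    printf("bounded, overflow  : rejected=%d flag=%u\n",
           bounded_rejects(evil), (unsigned)flag_after_bounded(evil));
    return 0;
}
```

On a real stack the bytes after a local buffer are other locals, the saved frame pointer and the return address, which is why a write that runs off the end of the buffer lets an attacker redirect execution rather than merely flip a flag. The bounded copy rejects oversized input outright; silently truncating would also stop the overwrite but can introduce its own logic bugs when the truncated value is later trusted.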