SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Area of the memory where dynamically allocated variables are stored
persistent cookie
heap
physical
session
2. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
misconfigured mail server
ActiveX
java
network
3. A scripting language - developed by Netscape to perform client-side web development
common off the shelf
javascript
input validation
P2P
4. ARP stands for...
address resolution protocol
Internet - Local Intranet - Trusted Sites - Restricted Sites
reflected and stored
javascript
5. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
ARP spoofing
XSS attacks
transport
6. Can leave the sandbox and obtain access to client resources
digitally signed java control
data link
drive by download
packet sniffer
7. Categories of XSS
P2P
address resolution protocol
reflected and stored
digitally signed java control
8. Protocols used in this layer - IP
data link
peer to peer
persistent cookie
network
9. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
tracking cookie
stack and heap
application review
vbscript and jscript
10. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
address resolution protocol
vulnerability identification
open mail relay
network
11. OSI layer responsible for data representation and encryption (MIME
presentation
java
persistent cookie
tracking cookie
12. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
threat identification
application decomposition
presentation
IM
13. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
sandboxing
persistent cookie
ARP spoofing
application review
14. Three main cookie types
ActiveX
cookie leaking
session - persistent - tracking
application decomposition
15. Security zone options offered by Internet Explorer
drive by download
cookie hijacking
presentation
Internet - Local Intranet - Trusted Sites - Restricted Sites
16. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
digitally signed java control
java
cross-site scripting
data link
17. A named collection of Web sites that can be assigned a specific security level
zones
Application - Presentation - Session - Transport - Network - Data Link - Physical
ActiveX
application
18. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
drive by download
P2P
presentation
ARP spoofing
19. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
stack and heap
authenticode
cookie attacks
tracking cookie
20. Process to identify and assess a system's security risks
sandboxing
threat identification
threat modeling
network
21. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
XSS
session - persistent - tracking
data link
bytecode verifier
22. Used to record user's web activity - may be downloaded in the background
presentation
packet sniffer
reflected XSS
tracking cookie
23. Type - length - format - range
application review
P2P
stack
input validation criteria
24. Tools used to capture packets of data off a network and allow viewing of contents
P2P
packet sniffer
application
cookie attacks
25. OSI layer responsible for path determination and logical addressing - routers operate at this layer
physical
drive by download
network
ARP spoofing
26. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
data link
open mail relay
session
application layer
27. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
transport
application decomposition
open mail relay
zones
28. The unauthorized modification of the data stored within a cookie
cookie poisoning
peer to peer
threat identification
stack
29. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
buffer overflow
data link
sandboxing
presentation
30. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
IM
drive by download
P2P
misconfigured mail server
31. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cookie attacks
security objective definition
packet sniffer
heap
32. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
IM
application layer
transport
heap
33. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
application
stack and heap
java
cookie attacks
34. OSI layer that provides interhost communication (Named Pipes
cross-site scripting
session
P2P
transport
35. OSI layer that establishes - manages and terminates the connections between the local and remote application
vbscript and jscript
physical
session
bytecode verifier
36. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
cookies
bytecode verifier
P2P
tracking cookie
37. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
transport
session
XSS
drive by download
38. Deleted when the user closes their web browser - can contain authentication-related information
session cookie
vulnerability identification
buffer overflow
Internet - Local Intranet - Trusted Sites - Restricted Sites
39. Protocols in this layer NNTP
application layer
P2P
input validation criteria
application
40. COTS stands for
common off the shelf
tracking cookie
sandboxing
session
41. Two types of buffer overflows
misconfigured mail server
stack and heap
transport
application decomposition
42. Protocols used in this layer (ARP
application
data link
reflected and stored
threat identification
43. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
P2P
sandboxing
application decomposition
session cookie
44. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
reflected XSS
persistent cookie
transport
ARP spoofing
45. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
IM
javascript
cookies
authenticode
46. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
heap
P2P
Application - Presentation - Session - Transport - Network - Data Link - Physical
47. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
XSS attacks
cookie poisoning
peer to peer
48. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
cookie hijacking
cookies
network
input validation
49. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
presentation
application layer
reflected XSS
threat identification
50. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
IM
ARP spoofing
data link
cross-site scripting