Test your basic knowledge | Comptia Security +: Domain4 Application Security
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. OSI layer responsible for network processes to application
cookie attacks
threat modeling
cookies
application
2. Two types of buffer overflows
javascript
cookie hijacking
stack and heap
physical
3. ARP stands for...
presentation
address resolution protocol
buffer overflow
XSS attacks
4. Attackers sniff network traffic and capture a cookie download, or gain access to a computer and view locally stored cookies
data link
data link
application
cookie hijacking
5. The unauthorized modification of the data stored within a cookie
authenticode
cookie poisoning
security objective definition
zones
6. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
cookie poisoning
application review
P2P
data link
7. Sensitive information stored within a cookie that is obtained by unauthorized users
security objective definition
cookie leaking
bytecode verifier
heap
8. Used by Java and JavaScript to isolate executing code in a reserved area of memory to limit the damage of malicious code
application review
physical
sandboxing
XSS attacks
9. COTS stands for
IM
application review
common off the shelf
peer to peer
10. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
ActiveX
application layer
data link
application decomposition
11. Protocols used in this layer - IP
network
P2P
buffer overflow
presentation
12. Area of the memory where function calls are stored
stack
XSS attacks
open mail relay
application decomposition
13. Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user's connection
vbscript and jscript
persistent cookie
ARP spoofing
cookie hijacking
14. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
zones
presentation
buffer overflow
data link
15. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
vbscript and jscript
application decomposition
application gateways
application
16. Can filter out most buffer overflow attacks
IM
sandboxing
physical
application gateways
17. Enabling the cookie secure-bit setting - avoiding the use of cookies to hold sensitive data - blocking third-party cookies will prevent ______
cookie attacks
drive by download
persistent cookie
javascript
18. Buffer overflow and cross-site scripting attacks target this OSI layer
application layer
input validation criteria
network
P2P
19. Type - length - format - range
javascript
input validation criteria
IM
common off the shelf
20. Can leave the sandbox and obtain access to client resources
transport
threat modeling
misconfigured mail server
digitally signed java control
21. OSI model layers
Application - Presentation - Session - Transport - Network - Data Link - Physical
cookie hijacking
data link
presentation
22. A method of code signing - allows developers to obtain a digital certificate generated by a certificate authority and digitally sign ActiveX controls
digitally signed java control
authenticode
P2P
persistent cookie
23. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
network
vbscript and jscript
stored XSS
reflected and stored
24. Phases of threat modeling
ActiveX
application
data link
security objective definition - application review - application decomposition - threat identification - vulnerability identification
25. A Microsoft-created technology that enables software applications to share and reuse software components - may be used to access files on the local system or the system registry
common off the shelf
ActiveX
IM
threat modeling
26. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
physical
buffer overflow
reflected and stored
stack and heap
27. Used by Java to verify the code against a list of predetermined insecurities
bytecode verifier
security objective definition
stack
reflected and stored
28. OSI layer that provides transparent transfer of data between end users
reflected XSS
application
transport
javascript
29. Deleted when the user closes their web browser - can contain authentication-related information
session cookie
application layer
drive by download
cookie poisoning
30. A scripting language - developed by Netscape to perform client-side web development
javascript
cookie leaking
Internet - Local Intranet - Trusted Sites - Restricted Sites
session - persistent - tracking
31. OSI layer attributed with 75% of malicious attacks
sandboxing
heap
application
common off the shelf
32. Categories of XSS
zones
reflected and stored
application
input validation
33. OSI layer that relates to the physical connection of two devices (e.g. RS-232)
physical
stored XSS
stack and heap
security objective definition - application review - application decomposition - threat identification - vulnerability identification
34. Protocols used in this layer - NNTP
bytecode verifier
data link
IM
application
35. Enticing a user to execute malicious code stored on a web server (e.g. via a hyperlink in an email)
zones
reflected XSS
input validation criteria
javascript
36. A named collection of Web sites that can be assigned a specific security level
stack
zones
threat modeling
open mail relay
37. Process to identify and assess a system's security risks
data link
java
application
threat modeling
38. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
physical
application
session cookie
transport
39. OSI layer responsible for path determination and logical addressing - routers operate at this layer
network
open mail relay
zones
application review
40. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
XSS
XSS attacks
heap
stack and heap
41. Protocols used in this layer (ARP)
security objective definition - application review - application decomposition - threat identification - vulnerability identification
data link
session
threat identification
42. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
digitally signed java control
XSS
stack
43. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with ______
tracking cookie
P2P
cookie hijacking
data link
44. Tools used to capture packets of data off a network and allow viewing of contents
transport
java
javascript
packet sniffer
45. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
session
java
cookies
common off the shelf
46. Used to record a user's web activity - may be downloaded in the background
ARP spoofing
tracking cookie
data link
presentation
47. Area of the memory where dynamically allocated variables are stored
heap
application layer
ActiveX
vbscript and jscript
48. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
sandboxing
drive by download
application gateways
application
49. Cause of open SMTP relays
misconfigured mail server
P2P
bytecode verifier
application
50. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cookie attacks
security objective definition
cookie leaking
network