SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
XSS
reflected and stored
application
2. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
data link
tracking cookie
cookies
XSS attacks
3. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
threat identification
input validation criteria
drive by download
javascript
4. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
session
cookie hijacking
threat identification
cookie attacks
5. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
reflected and stored
Internet - Local Intranet - Trusted Sites - Restricted Sites
zones
6. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
stack and heap
physical
transport
peer to peer
7. Type - length - format - range
input validation criteria
XSS attacks
cross-site scripting
session - persistent - tracking
8. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
presentation
transport
P2P
9. Cause of open SMTP relays
security objective definition
transport
misconfigured mail server
application
10. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
data link
sandboxing
misconfigured mail server
peer to peer
11. OSI layer responsible for data representation and encryption (MIME
java
data link
input validation criteria
presentation
12. Area of the memory where dynamically allocated variables are stored
input validation criteria
presentation
application review
heap
13. OSI layer that provides transparent transfer of data between end users
presentation
data link
transport
Internet - Local Intranet - Trusted Sites - Restricted Sites
14. OSI model layers
common off the shelf
session cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
heap
15. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
cross-site scripting
java
application
address resolution protocol
16. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
stored XSS
cookie hijacking
presentation
physical
17. Categories of XSS
ActiveX
reflected and stored
presentation
data link
18. Three main cookie types
XSS attacks
drive by download
session - persistent - tracking
session
19. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
network
buffer overflow
persistent cookie
sandboxing
20. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
misconfigured mail server
input validation
application review
Internet - Local Intranet - Trusted Sites - Restricted Sites
21. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
cookies
transport
authenticode
cross-site scripting
22. P2P stands for...
security objective definition - application review - application decomposition - threat identification - vulnerability identification
stored XSS
peer to peer
digitally signed java control
23. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
address resolution protocol
ActiveX
ARP spoofing
presentation
24. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
ActiveX
security objective definition
cookie hijacking
25. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
XSS
application
transport
session - persistent - tracking
26. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
physical
session - persistent - tracking
reflected XSS
stack
27. Can filter out most buffer overflow attacks
application gateways
peer to peer
application layer
P2P
28. Used to record user's web activity - may be downloaded in the background
application
tracking cookie
bytecode verifier
peer to peer
29. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
physical
XSS attacks
open mail relay
30. The unauthorized modification of the data stored within a cookie
data link
cookie poisoning
presentation
open mail relay
31. OSI layer that provides interhost communication (Named Pipes
session
peer to peer
XSS attacks
network
32. XSS stands for
reflected and stored
physical
data link
cross-site scripting
33. COTS stands for
persistent cookie
javascript
ActiveX
common off the shelf
34. Deleted when the user closes their web browser - can contain authentication-related information
session cookie
data link
cookie poisoning
session
35. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
misconfigured mail server
XSS attacks
peer to peer
data link
36. Used by java to verify the code for a list of predetermined insecurities
threat identification
presentation
physical
bytecode verifier
37. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
ARP spoofing
threat modeling
P2P
38. Process to identify and assess a system's security risks
cookie leaking
threat identification
ARP spoofing
threat modeling
39. Two types of buffer overflows
stack and heap
cookie leaking
cookie hijacking
P2P
40. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
authenticode
application
sandboxing
stored XSS
41. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
drive by download
java
application
42. OSI layer attributed with 75% of malicious attacks
session - persistent - tracking
threat modeling
cookies
application
43. A named collection of Web sites that can be assigned a specific security level
presentation
digitally signed java control
data link
zones
44. OSI layer that establishes - manages and terminates the connections between the local and remote application
javascript
digitally signed java control
security objective definition
session
45. OSI layer responsible for network processes to application
drive by download
data link
stored XSS
application
46. Protocols in this layer NNTP
security objective definition - application review - application decomposition - threat identification - vulnerability identification
misconfigured mail server
buffer overflow
application
47. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
network
application layer
application
P2P
48. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
buffer overflow
reflected and stored
application
ARP spoofing
49. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
input validation criteria
presentation
vulnerability identification
application decomposition
50. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
cookies
peer to peer
ActiveX
cross-site scripting