SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Can filter out most buffer overflow attacks
application gateways
address resolution protocol
XSS attacks
threat modeling
2. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
presentation
digitally signed java control
physical
ActiveX
3. OSI layer that establishes - manages and terminates the connections between the local and remote application
session
presentation
input validation criteria
Internet - Local Intranet - Trusted Sites - Restricted Sites
4. Protocols used in this layer - IP
stored XSS
network
session cookie
authenticode
5. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
application layer
presentation
session
6. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
physical
vbscript and jscript
network
buffer overflow
7. Three main cookie types
cookie leaking
XSS
P2P
session - persistent - tracking
8. Tools used to capture packets of data off a network and allow viewing of contents
data link
sandboxing
packet sniffer
cookies
9. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
packet sniffer
cookie hijacking
application review
10. Can leave the sandbox and obtain access to client resources
digitally signed java control
zones
data link
transport
11. Area of the memory where function calls are stored
XSS attacks
stack
cookie attacks
open mail relay
12. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
physical
sandboxing
security objective definition - application review - application decomposition - threat identification - vulnerability identification
13. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
cross-site scripting
heap
transport
digitally signed java control
14. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
vulnerability identification
sandboxing
stack and heap
session
15. Protocols in this layer NNTP
input validation
session
application
physical
16. OSI layer that provides interhost communication (Named Pipes
data link
vbscript and jscript
session
stack and heap
17. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
vbscript and jscript
persistent cookie
application layer
application decomposition
18. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
vulnerability identification
application review
P2P
19. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
ARP spoofing
Internet - Local Intranet - Trusted Sites - Restricted Sites
IM
data link
20. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
open mail relay
application decomposition
peer to peer
XSS
21. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
security objective definition
vbscript and jscript
stack and heap
P2P
22. OSI layer responsible for data representation and encryption (MIME
presentation
buffer overflow
cookie hijacking
physical
23. A named collection of Web sites that can be assigned a specific security level
session
cookie attacks
network
zones
24. OSI layer responsible for path determination and logical addressing - routers operate at this layer
vbscript and jscript
digitally signed java control
network
physical
25. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
IM
common off the shelf
session cookie
presentation
26. Used by java to verify the code for a list of predetermined insecurities
transport
java
application gateways
bytecode verifier
27. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
cookies
open mail relay
javascript
vbscript and jscript
28. OSI layer attributed with 75% of malicious attacks
application
common off the shelf
open mail relay
address resolution protocol
29. P2P stands for...
peer to peer
input validation criteria
application layer
reflected XSS
30. Cause of open SMTP relays
Application - Presentation - Session - Transport - Network - Data Link - Physical
misconfigured mail server
peer to peer
cookies
31. A scripting language - developed by Netscape to perform client-side web development
packet sniffer
javascript
application gateways
common off the shelf
32. XSS stands for
network
application
cross-site scripting
security objective definition
33. OSI layer that relates to the physical connection of two devices (i.e. RS-232
threat identification
misconfigured mail server
application layer
physical
34. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
transport
vbscript and jscript
physical
vulnerability identification
35. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
open mail relay
presentation
stack
tracking cookie
36. Process to identify and assess a system's security risks
tracking cookie
persistent cookie
session cookie
threat modeling
37. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cookie leaking
vbscript and jscript
security objective definition
ActiveX
38. OSI layer responsible for network processes to application
zones
application
threat identification
packet sniffer
39. OSI model layers
packet sniffer
session
Application - Presentation - Session - Transport - Network - Data Link - Physical
session cookie
40. Sensitive information stored within a cookie that is obtained by unauthorized users
physical
address resolution protocol
cookie leaking
application
41. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
XSS attacks
P2P
reflected XSS
application
42. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
cookie poisoning
threat identification
Application - Presentation - Session - Transport - Network - Data Link - Physical
network
43. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
open mail relay
stored XSS
reflected and stored
presentation
44. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
P2P
session
address resolution protocol
vbscript and jscript
45. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
input validation criteria
address resolution protocol
cookies
data link
46. Area of the memory where dynamically allocated variables are stored
session - persistent - tracking
heap
application decomposition
data link
47. ARP stands for...
packet sniffer
session - persistent - tracking
network
address resolution protocol
48. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
application
network
presentation
49. OSI layer that provides transparent transfer of data between end users
session
stack and heap
transport
security objective definition
50. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
threat identification
XSS
physical