Test your basic knowledge
CompTIA Security+: Domain 4 Application Security
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
cookie poisoning
address resolution protocol
presentation
cookie leaking
2. P2P stands for...
authenticode
peer to peer
drive by download
session cookie
3. Sensitive information stored within a cookie that is obtained by unauthorized users
javascript
presentation
session cookie
cookie leaking
4. Attackers sniff network traffic and capture a cookie download, or gain access to a computer and view a locally stored cookie
stack and heap
reflected XSS
threat modeling
cookie hijacking
5. Ensure data input is validated - encode user-supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
persistent cookie
Internet - Local Intranet - Trusted Sites - Restricted Sites
XSS attacks
application decomposition
6. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
transport
session
XSS
buffer overflow
7. ARP stands for...
cookies
address resolution protocol
peer to peer
stored XSS
8. Cause of open SMTP relays
misconfigured mail server
open mail relay
cookie hijacking
security objective definition
9. Three main cookie types
stack
IM
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session - persistent - tracking
10. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
sandboxing
stack and heap
security objective definition - application review - application decomposition - threat identification - vulnerability identification
network
11. Categories of XSS
application
packet sniffer
reflected and stored
XSS
12. Can leave the sandbox and obtain access to client resources
vbscript and jscript
digitally signed java control
physical
application
13. OSI layer that relates to the physical connection of two devices (e.g. RS-232)
authenticode
physical
buffer overflow
security objective definition
14. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
packet sniffer
stack and heap
XSS
cookies
15. The unauthorized modification of the data stored within a cookie
vulnerability identification
cookie poisoning
stack and heap
stack
16. Enticing a user to execute malicious code stored on a web server (e.g. via a hyperlink in an email)
misconfigured mail server
application layer
reflected XSS
stored XSS
17. Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user's connection
physical
digitally signed java control
persistent cookie
threat identification
18. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
security objective definition
packet sniffer
P2P
sandboxing
19. OSI layer responsible for network processes to application
application
network
data link
session - persistent - tracking
20. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
presentation
physical
peer to peer
stack and heap
21. Threats to the defined security objectives are identified using knowledge gained during application decomposition in this phase of threat modeling
stack
threat identification
physical
input validation
22. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
ActiveX
drive by download
vulnerability identification
application
23. OSI model layers
presentation
cookies
input validation criteria
Application - Presentation - Session - Transport - Network - Data Link - Physical
24. XSS stands for
bytecode verifier
tracking cookie
cross-site scripting
authenticode
25. Deleted when the user closes their web browser - can contain authentication-related information
bytecode verifier
drive by download
session cookie
transport
26. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
data link
peer to peer
physical
heap
27. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
zones
threat modeling
ARP spoofing
28. Two types of buffer overflows
P2P
stack and heap
session
network
29. Used to record a user's web activity - may be downloaded in the background
persistent cookie
threat modeling
tracking cookie
network
30. Buffer overflow and cross-site scripting attacks target this OSI layer
application layer
cookie leaking
peer to peer
stack
31. Process to identify and assess a system's security risks
physical
heap
application
threat modeling
32. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
physical
P2P
data link
packet sniffer
33. A named collection of Web sites that can be assigned a specific security level
transport
zones
java
application gateways
34. A scripting language - developed by Netscape to perform client-side web development
authenticode
transport
stack
javascript
35. NNTP is a protocol in this layer
application gateways
application
data link
network
36. Area of the memory where dynamically allocated variables are stored
input validation
heap
Internet - Local Intranet - Trusted Sites - Restricted Sites
application
37. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
session cookie
digitally signed java control
application review
38. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
application gateways
reflected and stored
vulnerability identification
application decomposition
39. Area of the memory where function calls are stored
stack
application gateways
cookie poisoning
application
40. OSI layer that establishes - manages and terminates the connections between the local and remote application
digitally signed java control
input validation
drive by download
session
41. IP is a protocol used in this layer
physical
cookie attacks
ARP spoofing
network
42. Used by java to verify the code for a list of predetermined insecurities
application
stack and heap
bytecode verifier
java
43. COTS stands for
common off the shelf
stored XSS
buffer overflow
presentation
44. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
application layer
bytecode verifier
cookie poisoning
IM
45. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
cross-site scripting
misconfigured mail server
heap
input validation
46. Security zone options offered by Internet Explorer
application gateways
cookie poisoning
Internet - Local Intranet - Trusted Sites - Restricted Sites
authenticode
47. OSI layer responsible for path determination and logical addressing - routers operate at this layer
Internet - Local Intranet - Trusted Sites - Restricted Sites
input validation criteria
network
common off the shelf
48. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
physical
vbscript and jscript
sandboxing
session
49. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cross-site scripting
security objective definition
sandboxing
data link
50. Type - length - format - range
input validation criteria
peer to peer
data link
data link