Test your basic knowledge

Comptia Security +: Domain4 Application Security

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed






2. Used to record user's web activity - may be downloaded in the background






3. Type - length - format - range






4. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks






5. Can filter out most buffer overflow attacks






6. ARP stands for...






7. Area of the memory where dynamically allocated variables are stored






8. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences






9. OSI layer responsible for network processes to application






10. Area of the memory where function calls are stored






11. Used by Java to verify the code for a list of predetermined insecurities






12. Security objectives placed on an application are identified - controlling the scope of the threat modeling process






13. OSI model layers






14. Process to identify and assess a system's security risks






15. Allow an attacker to intercept and modify data sent between two network devices - hijacking of network communications - attacks data link layer






16. Two types of buffer overflows






17. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for






18. Cause of open SMTP relays






19. OSI layer that provides interhost communication (Named Pipes






20. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)






21. OSI layer that provides transparent transfer of data between end users






22. Categories of XSS






23. Phases of threat modeling






24. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against






25. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.






26. Used by Java and JavaScript to isolate executing code in a reserved area of memory to limit damage of malicious code






27. OSI layer attributed with 75% of malicious attacks






28. A named collection of Web sites that can be assigned a specific security level






29. Malicious code stored in a web application that is downloaded and executed without the user's knowledge






30. Security zone options offered by Internet Explorer






31. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling






32. OSI layer responsible for data representation and encryption (MIME






33. OSI layer that establishes - manages and terminates the connections between the local and remote application






34. Deleted when the user closes their web browser - can contain authentication-related information






35. Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user connection






36. Protocols used in this layer (ARP






37. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie






38. Can leave the sandbox and obtain access to client resources






39. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code






40. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with






41. COTS stands for






42. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______






43. OSI layer that relates to the physical connection of two devices (i.e. RS-232






44. Tools used to capture packets of data off a network and allow viewing of contents






45. A scripting language - developed by Netscape to perform client-side web development






46. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling






47. OSI layer responsible for end-to-end connections and reliability (i.e. TCP






48. XSS stands for






49. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries






50. P2P stands for...





