SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
XSS attacks
common off the shelf
sandboxing
transport
2. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
application decomposition
bytecode verifier
network
cookie hijacking
3. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
address resolution protocol
data link
ActiveX
session
4. OSI layer that establishes - manages and terminates the connections between the local and remote application
authenticode
stack
session
application review
5. XSS stands for
address resolution protocol
javascript
cross-site scripting
session cookie
6. A scripting language - developed by Netscape to perform client-side web development
heap
javascript
address resolution protocol
cookie hijacking
7. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
network
cookie leaking
application layer
ARP spoofing
8. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
common off the shelf
XSS attacks
peer to peer
application gateways
9. OSI layer responsible for path determination and logical addressing - routers operate at this layer
XSS attacks
transport
ActiveX
network
10. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
XSS
input validation
heap
open mail relay
11. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
bytecode verifier
application review
XSS
open mail relay
12. OSI layer responsible for data representation and encryption (MIME
Application - Presentation - Session - Transport - Network - Data Link - Physical
presentation
security objective definition
network
13. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
zones
stored XSS
transport
security objective definition - application review - application decomposition - threat identification - vulnerability identification
14. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
data link
drive by download
vbscript and jscript
15. OSI model layers
cross-site scripting
P2P
Application - Presentation - Session - Transport - Network - Data Link - Physical
stack
16. A named collection of Web sites that can be assigned a specific security level
stack and heap
application
zones
bytecode verifier
17. ARP stands for...
address resolution protocol
vbscript and jscript
data link
cross-site scripting
18. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
peer to peer
java
address resolution protocol
digitally signed java control
19. Deleted when the user closes their web browser - can contain authentication-related information
data link
transport
cross-site scripting
session cookie
20. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
cookie poisoning
application review
sandboxing
21. Type - length - format - range
javascript
persistent cookie
physical
input validation criteria
22. OSI layer that provides interhost communication (Named Pipes
XSS
session
misconfigured mail server
input validation
23. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
java
peer to peer
transport
application
24. OSI layer responsible for network processes to application
application decomposition
zones
presentation
application
25. OSI layer that relates to the physical connection of two devices (i.e. RS-232
cookie hijacking
physical
IM
session
26. Protocols in this layer NNTP
XSS attacks
zones
application
cookie hijacking
27. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
application
stack
input validation
session
28. Area of the memory where dynamically allocated variables are stored
reflected and stored
data link
heap
threat identification
29. Tools used to capture packets of data off a network and allow viewing of contents
XSS
vulnerability identification
cookie hijacking
packet sniffer
30. Used to record user's web activity - may be downloaded in the background
physical
transport
tracking cookie
session cookie
31. Can leave the sandbox and obtain access to client resources
digitally signed java control
security objective definition
drive by download
ActiveX
32. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
drive by download
address resolution protocol
cookie hijacking
IM
33. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
application
application
data link
IM
34. OSI layer attributed with 75% of malicious attacks
data link
application
network
physical
35. P2P stands for...
data link
input validation criteria
application review
peer to peer
36. Sensitive information stored within a cookie that is obtained by unauthorized users
data link
XSS
threat modeling
cookie leaking
37. Can filter out most buffer overflow attacks
security objective definition - application review - application decomposition - threat identification - vulnerability identification
application gateways
application decomposition
sandboxing
38. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
Application - Presentation - Session - Transport - Network - Data Link - Physical
data link
application decomposition
heap
39. Protocols used in this layer (ARP
data link
packet sniffer
cross-site scripting
common off the shelf
40. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
security objective definition
physical
open mail relay
application review
41. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
application layer
network
reflected XSS
security objective definition - application review - application decomposition - threat identification - vulnerability identification
42. Categories of XSS
java
reflected and stored
application gateways
threat identification
43. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
presentation
cookies
reflected XSS
security objective definition
44. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
session
input validation criteria
input validation
persistent cookie
45. Used by java to verify the code for a list of predetermined insecurities
misconfigured mail server
bytecode verifier
authenticode
tracking cookie
46. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
input validation criteria
tracking cookie
address resolution protocol
threat identification
47. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
cookie hijacking
application gateways
digitally signed java control
48. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
threat modeling
transport
stack
49. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
input validation
cookies
XSS
50. Process to identify and assess a system's security risks
threat modeling
XSS
sandboxing
application review