SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. OSI layer responsible for data representation and encryption (MIME
digitally signed java control
application
java
presentation
2. Three main cookie types
P2P
common off the shelf
session - persistent - tracking
session
3. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
session
application
stack
application decomposition
4. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
cookie attacks
security objective definition
application
cookie leaking
5. OSI layer that provides transparent transfer of data between end users
application
transport
threat modeling
ARP spoofing
6. COTS stands for
common off the shelf
application review
presentation
session cookie
7. P2P stands for...
threat identification
peer to peer
reflected XSS
data link
8. ARP stands for...
address resolution protocol
reflected and stored
physical
application
9. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
tracking cookie
threat identification
reflected XSS
peer to peer
10. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
ActiveX
data link
stack
Application - Presentation - Session - Transport - Network - Data Link - Physical
11. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
session - persistent - tracking
common off the shelf
session cookie
12. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
transport
input validation
application review
peer to peer
13. Protocols used in this layer (ARP
cross-site scripting
zones
peer to peer
data link
14. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
peer to peer
XSS
input validation criteria
tracking cookie
15. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
application
address resolution protocol
stored XSS
heap
16. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
threat identification
cookie hijacking
open mail relay
ARP spoofing
17. OSI layer responsible for path determination and logical addressing - routers operate at this layer
P2P
network
buffer overflow
physical
18. Tools used to capture packets of data off a network and allow viewing of contents
packet sniffer
peer to peer
common off the shelf
input validation
19. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
presentation
cookie leaking
cookies
20. Used to record user's web activity - may be downloaded in the background
Internet - Local Intranet - Trusted Sites - Restricted Sites
application
bytecode verifier
tracking cookie
21. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
threat identification
cookie attacks
presentation
reflected and stored
22. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
application
stack
P2P
23. OSI layer attributed with 75% of malicious attacks
physical
network
security objective definition - application review - application decomposition - threat identification - vulnerability identification
application
24. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
application gateways
sandboxing
vbscript and jscript
P2P
25. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
cross-site scripting
cookie attacks
sandboxing
transport
26. OSI layer responsible for network processes to application
stored XSS
input validation
application
authenticode
27. Type - length - format - range
sandboxing
input validation criteria
input validation
Internet - Local Intranet - Trusted Sites - Restricted Sites
28. A scripting language - developed by Netscape to perform client-side web development
XSS attacks
javascript
persistent cookie
transport
29. Process to identify and assess a system's security risks
XSS
buffer overflow
threat modeling
cookie poisoning
30. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
threat identification
persistent cookie
heap
stored XSS
31. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
packet sniffer
threat identification
application layer
cookies
32. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
address resolution protocol
bytecode verifier
authenticode
input validation
33. Can filter out most buffer overflow attacks
input validation
application gateways
open mail relay
peer to peer
34. XSS stands for
session
persistent cookie
cross-site scripting
application gateways
35. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
XSS attacks
cookie poisoning
cookie hijacking
heap
36. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
drive by download
P2P
application
presentation
37. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
cookie hijacking
XSS
data link
38. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
network
vulnerability identification
application
ARP spoofing
39. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
ARP spoofing
reflected XSS
cross-site scripting
40. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
Internet - Local Intranet - Trusted Sites - Restricted Sites
data link
ActiveX
reflected and stored
41. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
cookie leaking
transport
java
persistent cookie
42. Protocols used in this layer - IP
network
cookie poisoning
heap
session cookie
43. OSI layer that establishes - manages and terminates the connections between the local and remote application
cookie poisoning
network
session
application
44. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
ActiveX
input validation criteria
application
ARP spoofing
45. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
buffer overflow
security objective definition - application review - application decomposition - threat identification - vulnerability identification
application
Internet - Local Intranet - Trusted Sites - Restricted Sites
46. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
javascript
session
zones
application review
47. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
zones
application layer
digitally signed java control
presentation
48. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
IM
input validation criteria
bytecode verifier
application layer
49. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
authenticode
application layer
ActiveX
cookie poisoning
50. Categories of XSS
data link
session
physical
reflected and stored