SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
peer to peer
java
reflected XSS
misconfigured mail server
2. A named collection of Web sites that can be assigned a specific security level
application
security objective definition
stored XSS
zones
3. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
buffer overflow
session
vulnerability identification
application
4. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
data link
reflected XSS
security objective definition
cookie hijacking
5. Used by java to verify the code for a list of predetermined insecurities
physical
drive by download
cookie attacks
bytecode verifier
6. OSI layer that relates to the physical connection of two devices (i.e. RS-232
transport
presentation
security objective definition - application review - application decomposition - threat identification - vulnerability identification
physical
7. Area of the memory where dynamically allocated variables are stored
buffer overflow
application
heap
javascript
8. Process to identify and assess a system's security risks
threat modeling
application gateways
tracking cookie
threat identification
9. The unauthorized modification of the data stored within a cookie
session
heap
threat identification
cookie poisoning
10. COTS stands for
session - persistent - tracking
common off the shelf
data link
stack
11. OSI layer responsible for network processes to application
Application - Presentation - Session - Transport - Network - Data Link - Physical
data link
javascript
application
12. ARP stands for...
session
transport
address resolution protocol
misconfigured mail server
13. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
packet sniffer
reflected XSS
java
Application - Presentation - Session - Transport - Network - Data Link - Physical
14. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
tracking cookie
P2P
ActiveX
open mail relay
15. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
XSS attacks
authenticode
cookie attacks
stack
16. Two types of buffer overflows
data link
common off the shelf
stack and heap
application decomposition
17. Cause of open SMTP relays
zones
misconfigured mail server
reflected XSS
stack
18. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
heap
vbscript and jscript
input validation
transport
19. XSS stands for
input validation
cookies
cross-site scripting
cookie hijacking
20. Three main cookie types
reflected and stored
session - persistent - tracking
java
javascript
21. Can filter out most buffer overflow attacks
cookie poisoning
authenticode
application gateways
peer to peer
22. Protocols used in this layer - IP
presentation
heap
network
security objective definition - application review - application decomposition - threat identification - vulnerability identification
23. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
misconfigured mail server
zones
bytecode verifier
P2P
24. OSI layer attributed with 75% of malicious attacks
application
peer to peer
ARP spoofing
security objective definition
25. Area of the memory where function calls are stored
application gateways
data link
stack
stack and heap
26. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
security objective definition
vbscript and jscript
address resolution protocol
application
27. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
input validation
drive by download
reflected XSS
threat identification
28. Security zone options offered by Internet Explorer
misconfigured mail server
Internet - Local Intranet - Trusted Sites - Restricted Sites
zones
peer to peer
29. A scripting language - developed by Netscape to perform client-side web development
javascript
heap
XSS attacks
misconfigured mail server
30. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
P2P
heap
persistent cookie
application decomposition
31. Deleted when the user closes their web browser - can contain authentication-related information
transport
javascript
bytecode verifier
session cookie
32. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
IM
application
application
33. Phases of threat modeling
tracking cookie
peer to peer
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cookie leaking
34. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
transport
drive by download
cookie leaking
application decomposition
35. OSI model layers
Application - Presentation - Session - Transport - Network - Data Link - Physical
cookie hijacking
application layer
threat identification
36. Protocols used in this layer (ARP
reflected XSS
data link
application
digitally signed java control
37. OSI layer responsible for data representation and encryption (MIME
P2P
presentation
application
P2P
38. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
IM
javascript
open mail relay
39. Type - length - format - range
input validation criteria
cookie leaking
session cookie
presentation
40. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
data link
XSS
network
authenticode
41. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
security objective definition - application review - application decomposition - threat identification - vulnerability identification
drive by download
heap
P2P
42. OSI layer that provides transparent transfer of data between end users
stack and heap
transport
Internet - Local Intranet - Trusted Sites - Restricted Sites
P2P
43. OSI layer that establishes - manages and terminates the connections between the local and remote application
cookie hijacking
P2P
session
persistent cookie
44. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
stack
peer to peer
tracking cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
45. Sensitive information stored within a cookie that is obtained by unauthorized users
input validation
authenticode
common off the shelf
cookie leaking
46. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
physical
packet sniffer
ARP spoofing
threat identification
47. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
input validation
application review
XSS attacks
cookies
48. Tools used to capture packets of data off a network and allow viewing of contents
reflected and stored
packet sniffer
cookie attacks
network
49. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
vbscript and jscript
cookie hijacking
reflected XSS
50. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
transport
application
buffer overflow
javascript