SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. OSI layer that provides interhost communication (Named Pipes
session
sandboxing
reflected XSS
network
2. OSI layer attributed with 75% of malicious attacks
transport
security objective definition
application
physical
3. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
open mail relay
buffer overflow
XSS
stack
4. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
presentation
peer to peer
authenticode
input validation
5. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
application
security objective definition
peer to peer
cookie poisoning
6. OSI layer that establishes - manages and terminates the connections between the local and remote application
ARP spoofing
application gateways
session
P2P
7. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
P2P
session
heap
XSS attacks
8. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
threat modeling
ARP spoofing
data link
presentation
9. P2P stands for...
application
input validation
peer to peer
network
10. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
data link
heap
application
11. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
application
transport
application layer
address resolution protocol
12. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
address resolution protocol
java
session cookie
data link
13. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
vulnerability identification
common off the shelf
Application - Presentation - Session - Transport - Network - Data Link - Physical
14. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
security objective definition
vulnerability identification
data link
sandboxing
15. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
ActiveX
authenticode
session
javascript
16. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
physical
common off the shelf
vulnerability identification
persistent cookie
17. Protocols in this layer NNTP
P2P
XSS attacks
packet sniffer
application
18. OSI layer responsible for network processes to application
physical
application
address resolution protocol
peer to peer
19. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
application
stack
data link
drive by download
20. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
P2P
threat modeling
zones
tracking cookie
21. Process to identify and assess a system's security risks
cross-site scripting
stored XSS
threat modeling
threat identification
22. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
data link
java
application review
buffer overflow
23. Protocols used in this layer (ARP
security objective definition - application review - application decomposition - threat identification - vulnerability identification
data link
cookie leaking
peer to peer
24. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
peer to peer
Internet - Local Intranet - Trusted Sites - Restricted Sites
presentation
digitally signed java control
25. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
session
Internet - Local Intranet - Trusted Sites - Restricted Sites
peer to peer
XSS
26. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
reflected and stored
tracking cookie
sandboxing
vulnerability identification
27. Security zone options offered by Internet Explorer
peer to peer
security objective definition
open mail relay
Internet - Local Intranet - Trusted Sites - Restricted Sites
28. Three main cookie types
IM
ActiveX
session - persistent - tracking
tracking cookie
29. OSI layer responsible for data representation and encryption (MIME
IM
ActiveX
application layer
presentation
30. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
open mail relay
vbscript and jscript
cookie attacks
data link
31. Used by java to verify the code for a list of predetermined insecurities
bytecode verifier
transport
application decomposition
cookie hijacking
32. Two types of buffer overflows
stack and heap
data link
open mail relay
drive by download
33. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
stored XSS
cookie attacks
sandboxing
tracking cookie
34. Sensitive information stored within a cookie that is obtained by unauthorized users
digitally signed java control
cookie leaking
transport
IM
35. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
physical
reflected XSS
transport
input validation
36. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
cookie attacks
transport
common off the shelf
IM
37. A scripting language - developed by Netscape to perform client-side web development
peer to peer
presentation
javascript
transport
38. XSS stands for
stack
network
cross-site scripting
application
39. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
stored XSS
application
input validation criteria
40. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
tracking cookie
session
presentation
vbscript and jscript
41. Tools used to capture packets of data off a network and allow viewing of contents
input validation
network
stack
packet sniffer
42. Area of the memory where dynamically allocated variables are stored
heap
application gateways
transport
cookies
43. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
sandboxing
application layer
physical
vbscript and jscript
44. Area of the memory where function calls are stored
stack
buffer overflow
application
Internet - Local Intranet - Trusted Sites - Restricted Sites
45. Phases of threat modeling
session - persistent - tracking
peer to peer
security objective definition - application review - application decomposition - threat identification - vulnerability identification
reflected and stored
46. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
network
data link
session
security objective definition - application review - application decomposition - threat identification - vulnerability identification
47. OSI model layers
Application - Presentation - Session - Transport - Network - Data Link - Physical
session
cookie hijacking
peer to peer
48. Cause of open SMTP relays
common off the shelf
misconfigured mail server
application decomposition
cookie attacks
49. Deleted when the user closes their web browser - can contain authentication-related information
ARP spoofing
input validation
session cookie
threat identification
50. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
tracking cookie
zones
sandboxing
java