Test your basic knowledge: CompTIA Security+: Domain 4 Application Security
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
authenticode
buffer overflow
cross-site scripting
IM
2. Allow an attacker to intercept and modify data sent between two network devices - hijacking of network communications - attacks data link layer
cross-site scripting
ARP spoofing
application
reflected and stored
3. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
P2P
ActiveX
zones
physical
4. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
P2P
XSS
transport
zones
5. ARP stands for...
peer to peer
transport
reflected and stored
address resolution protocol
6. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
IM
authenticode
transport
7. OSI layer responsible for data representation and encryption (MIME
input validation
presentation
authenticode
cookie poisoning
8. Used by java to verify the code for a list of predetermined insecurities
common off the shelf
bytecode verifier
data link
zones
9. OSI layer responsible for network processes to application
stack
tracking cookie
application
transport
10. OSI layer attributed with 75% of malicious attacks
cookie attacks
peer to peer
application
IM
11. XSS stands for
javascript
cookie attacks
sandboxing
cross-site scripting
12. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
data link
Application - Presentation - Session - Transport - Network - Data Link - Physical
authenticode
java
13. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
XSS attacks
ARP spoofing
zones
reflected XSS
14. A named collection of Web sites that can be assigned a specific security level
vulnerability identification
sandboxing
application
zones
15. A scripting language - developed by Netscape to perform client-side web development
peer to peer
physical
javascript
presentation
16. Protocols in this layer NNTP
application
application gateways
physical
stack and heap
17. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
P2P
vbscript and jscript
cookie leaking
security objective definition
18. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
threat modeling
stored XSS
data link
XSS
19. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
reflected XSS
application decomposition
XSS
peer to peer
20. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
IM
input validation criteria
packet sniffer
21. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
drive by download
application decomposition
bytecode verifier
input validation
22. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
security objective definition - application review - application decomposition - threat identification - vulnerability identification
persistent cookie
threat modeling
cookies
23. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
open mail relay
application decomposition
input validation criteria
security objective definition
24. Two types of buffer overflows
stack
stack and heap
transport
cookies
25. OSI layer that establishes - manages and terminates the connections between the local and remote application
persistent cookie
tracking cookie
session
drive by download
26. The unauthorized modification of the data stored within a cookie
transport
cookie hijacking
bytecode verifier
cookie poisoning
27. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
application review
stack
cookie leaking
data link
28. Attackers sniff network traffic and capture a cookie download, or gain access to a computer and view locally stored cookies
cookie hijacking
reflected and stored
misconfigured mail server
heap
29. Can filter out most buffer overflow attacks
application gateways
data link
XSS
IM
30. Cause of open SMTP relays
physical
physical
sandboxing
misconfigured mail server
31. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
presentation
cookie attacks
cookies
input validation criteria
32. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
zones
application
presentation
33. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
peer to peer
drive by download
persistent cookie
session - persistent - tracking
34. P2P stands for...
security objective definition
peer to peer
cookie poisoning
misconfigured mail server
35. Area of the memory where dynamically allocated variables are stored
address resolution protocol
application decomposition
misconfigured mail server
heap
36. Protocols used in this layer (ARP
network
data link
P2P
peer to peer
37. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
zones
reflected XSS
data link
cookie hijacking
38. OSI model layers
Application - Presentation - Session - Transport - Network - Data Link - Physical
peer to peer
network
P2P
39. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
session cookie
authenticode
ActiveX
application layer
40. OSI layer that relates to the physical connection of two devices (i.e. RS-232
data link
reflected XSS
common off the shelf
physical
41. Three main cookie types
P2P
session - persistent - tracking
stored XSS
transport
42. COTS stands for
common off the shelf
zones
session cookie
javascript
43. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
threat modeling
XSS
application layer
input validation
44. OSI layer that provides interhost communication (Named Pipes
session
bytecode verifier
persistent cookie
threat modeling
45. Can leave the sandbox and obtain access to client resources
digitally signed java control
cookie hijacking
cookies
data link
46. Tools used to capture packets of data off a network and allow viewing of contents
cookie attacks
threat identification
stack
packet sniffer
47. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
authenticode
application review
transport
persistent cookie
48. Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user's connection
persistent cookie
security objective definition
javascript
drive by download
49. Sensitive information stored within a cookie that is obtained by unauthorized users
peer to peer
session cookie
cookie leaking
ARP spoofing
50. Area of the memory where function calls are stored
presentation
physical
drive by download
stack