SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Process to identify and assess a system's security risks
tracking cookie
stored XSS
security objective definition - application review - application decomposition - threat identification - vulnerability identification
threat modeling
2. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
network
cookie poisoning
vbscript and jscript
stack and heap
3. OSI layer that provides interhost communication (Named Pipes
Application - Presentation - Session - Transport - Network - Data Link - Physical
peer to peer
session
address resolution protocol
4. Security zone options offered by Internet Explorer
java
application
cookie poisoning
Internet - Local Intranet - Trusted Sites - Restricted Sites
5. Categories of XSS
vbscript and jscript
persistent cookie
reflected and stored
ActiveX
6. XSS stands for
peer to peer
cross-site scripting
Internet - Local Intranet - Trusted Sites - Restricted Sites
presentation
7. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
stack and heap
application decomposition
peer to peer
8. Area of the memory where dynamically allocated variables are stored
presentation
session
heap
transport
9. Used by java to verify the code for a list of predetermined insecurities
vulnerability identification
cross-site scripting
bytecode verifier
heap
10. OSI layer attributed with 75% of malicious attacks
application
presentation
network
address resolution protocol
11. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
cookie attacks
IM
vbscript and jscript
javascript
12. OSI layer that provides transparent transfer of data between end users
application
transport
address resolution protocol
misconfigured mail server
13. Sensitive information stored within a cookie that is obtained by unauthorized users
cookie leaking
sandboxing
bytecode verifier
peer to peer
14. Tools used to capture packets of data off a network and allow viewing of contents
network
cookies
cookie leaking
packet sniffer
15. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
authenticode
persistent cookie
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session cookie
16. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
physical
Internet - Local Intranet - Trusted Sites - Restricted Sites
peer to peer
javascript
17. OSI layer responsible for network processes to application
open mail relay
application
sandboxing
XSS
18. A scripting language - developed by Netscape to perform client-side web development
reflected and stored
misconfigured mail server
javascript
stored XSS
19. Area of the memory where function calls are stored
stack
security objective definition - application review - application decomposition - threat identification - vulnerability identification
Internet - Local Intranet - Trusted Sites - Restricted Sites
open mail relay
20. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
cross-site scripting
P2P
drive by download
peer to peer
21. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
sandboxing
ActiveX
javascript
22. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
session
session
stored XSS
ARP spoofing
23. OSI model layers
vulnerability identification
application review
Application - Presentation - Session - Transport - Network - Data Link - Physical
java
24. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
application gateways
tracking cookie
XSS attacks
threat modeling
25. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
P2P
java
data link
transport
26. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session
buffer overflow
27. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
cross-site scripting
security objective definition - application review - application decomposition - threat identification - vulnerability identification
security objective definition
28. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
application gateways
data link
javascript
session
29. Two types of buffer overflows
transport
stack and heap
P2P
cookie hijacking
30. Deleted when the user closes their web browser - can contain authentication-related information
threat identification
presentation
session cookie
drive by download
31. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
presentation
network
session - persistent - tracking
cookies
32. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
network
security objective definition
session - persistent - tracking
security objective definition - application review - application decomposition - threat identification - vulnerability identification
33. OSI layer responsible for data representation and encryption (MIME
network
presentation
IM
session
34. The unauthorized modification of the data stored within a cookie
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cookie poisoning
bytecode verifier
cross-site scripting
35. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
application gateways
P2P
physical
session cookie
36. OSI layer responsible for path determination and logical addressing - routers operate at this layer
network
authenticode
cookie leaking
XSS
37. P2P stands for...
peer to peer
reflected and stored
application review
vulnerability identification
38. Type - length - format - range
application
bytecode verifier
input validation
input validation criteria
39. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cross-site scripting
drive by download
cookie attacks
data link
40. Cause of open SMTP relays
misconfigured mail server
session
stack and heap
digitally signed java control
41. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
authenticode
heap
security objective definition
drive by download
42. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
Application - Presentation - Session - Transport - Network - Data Link - Physical
application review
cookie leaking
43. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
threat modeling
drive by download
peer to peer
authenticode
44. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
tracking cookie
misconfigured mail server
session
transport
45. Protocols used in this layer - IP
physical
input validation
network
XSS
46. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
session - persistent - tracking
application layer
transport
XSS
47. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
threat identification
sandboxing
digitally signed java control
transport
48. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
application
bytecode verifier
ActiveX
physical
49. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
application gateways
Application - Presentation - Session - Transport - Network - Data Link - Physical
stack and heap
50. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
buffer overflow
cookies
reflected XSS
application review