SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
cookie attacks
XSS
address resolution protocol
threat modeling
2. Sensitive information stored within a cookie that is obtained by unauthorized users
cookie leaking
stored XSS
persistent cookie
presentation
3. OSI layer that establishes - manages and terminates the connections between the local and remote application
application layer
vulnerability identification
session
transport
4. Protocols used in this layer - IP
XSS
network
presentation
bytecode verifier
5. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
security objective definition - application review - application decomposition - threat identification - vulnerability identification
data link
cookies
reflected and stored
6. The unauthorized modification of the data stored within a cookie
cookie poisoning
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session
session cookie
7. XSS stands for
cross-site scripting
data link
stack and heap
reflected and stored
8. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
stored XSS
sandboxing
buffer overflow
9. Can leave the sandbox and obtain access to client resources
ARP spoofing
digitally signed java control
data link
drive by download
10. Cause of open SMTP relays
drive by download
buffer overflow
threat modeling
misconfigured mail server
11. Three main cookie types
session - persistent - tracking
authenticode
P2P
Internet - Local Intranet - Trusted Sites - Restricted Sites
12. OSI layer that provides transparent transfer of data between end users
reflected XSS
packet sniffer
transport
stack and heap
13. OSI layer responsible for path determination and logical addressing - routers operate at this layer
misconfigured mail server
ARP spoofing
security objective definition
network
14. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
application decomposition
threat identification
data link
buffer overflow
15. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
application gateways
network
vulnerability identification
ActiveX
16. Area of the memory where function calls are stored
data link
tracking cookie
transport
stack
17. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
buffer overflow
IM
bytecode verifier
18. Protocols in this layer NNTP
vulnerability identification
buffer overflow
application
input validation criteria
19. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
P2P
security objective definition
authenticode
XSS attacks
20. Area of the memory where dynamically allocated variables are stored
persistent cookie
heap
threat identification
java
21. P2P stands for...
XSS
tracking cookie
peer to peer
network
22. OSI layer responsible for data representation and encryption (MIME
java
data link
presentation
P2P
23. A named collection of Web sites that can be assigned a specific security level
application gateways
zones
data link
reflected XSS
24. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
physical
XSS attacks
buffer overflow
peer to peer
25. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
persistent cookie
ARP spoofing
cookie poisoning
authenticode
26. ARP stands for...
stored XSS
address resolution protocol
sandboxing
session
27. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
stack
cookie poisoning
session cookie
28. OSI model layers
reflected XSS
peer to peer
Application - Presentation - Session - Transport - Network - Data Link - Physical
security objective definition - application review - application decomposition - threat identification - vulnerability identification
29. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
ARP spoofing
Internet - Local Intranet - Trusted Sites - Restricted Sites
cookie leaking
IM
30. COTS stands for
threat identification
common off the shelf
data link
ARP spoofing
31. Type - length - format - range
security objective definition
common off the shelf
bytecode verifier
input validation criteria
32. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
input validation criteria
drive by download
sandboxing
transport
33. OSI layer that relates to the physical connection of two devices (i.e. RS-232
input validation criteria
application
peer to peer
physical
34. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
threat identification
drive by download
security objective definition - application review - application decomposition - threat identification - vulnerability identification
security objective definition
35. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
java
cookie attacks
peer to peer
packet sniffer
36. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
physical
P2P
persistent cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
37. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
stored XSS
session cookie
ARP spoofing
zones
38. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
reflected XSS
bytecode verifier
sandboxing
security objective definition - application review - application decomposition - threat identification - vulnerability identification
39. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
javascript
application decomposition
data link
P2P
40. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
application
physical
application gateways
41. Protocols used in this layer (ARP
threat identification
data link
digitally signed java control
peer to peer
42. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
Application - Presentation - Session - Transport - Network - Data Link - Physical
cross-site scripting
transport
data link
43. Deleted when the user closes their web browser - can contain authentication-related information
session cookie
cookie poisoning
security objective definition
application decomposition
44. Phases of threat modeling
application
address resolution protocol
security objective definition - application review - application decomposition - threat identification - vulnerability identification
transport
45. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
Application - Presentation - Session - Transport - Network - Data Link - Physical
drive by download
application layer
application decomposition
46. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
input validation
ARP spoofing
vulnerability identification
data link
47. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
presentation
transport
sandboxing
cookie attacks
48. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
threat identification
drive by download
sandboxing
cookie attacks
49. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
java
vbscript and jscript
presentation
transport
50. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application review
XSS
application decomposition
presentation