Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Area of the memory where function calls are stored
cookie poisoning
input validation criteria
bytecode verifier
stack
2. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
reflected and stored
cookie leaking
data link
cross-site scripting
3. OSI layer attributed with 75% of malicious attacks
cross-site scripting
application review
heap
application
4. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
input validation criteria
Application - Presentation - Session - Transport - Network - Data Link - Physical
buffer overflow
zones
5. OSI layer responsible for data representation and encryption (MIME
application layer
network
presentation
data link
6. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
presentation
P2P
drive by download
input validation
7. Can filter out most buffer overflow attacks
application gateways
bytecode verifier
P2P
common off the shelf
8. Enabling the cookie secure-bit setting - avoiding the use of cookies to hold sensitive data - and blocking third-party cookies will prevent ______
session - persistent - tracking
application
cookie attacks
stack
9. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
security objective definition
open mail relay
session - persistent - tracking
10. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
XSS
application
P2P
input validation
11. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
input validation criteria
transport
sandboxing
12. Cause of open SMTP relays
session cookie
misconfigured mail server
stored XSS
session
13. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
application gateways
application review
transport
cookie hijacking
14. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
input validation
cookies
vulnerability identification
physical
15. IP address exposure - download of worms/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
IM
stack and heap
application gateways
tracking cookie
16. OSI layer that defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
zones
application gateways
physical
IM
17. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
peer to peer
presentation
java
drive by download
18. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cross-site scripting
application layer
persistent cookie
19. Used to record user's web activity - may be downloaded in the background
peer to peer
stored XSS
java
tracking cookie
20. Tools used to capture packets of data off a network and allow viewing of contents
packet sniffer
misconfigured mail server
XSS attacks
input validation
21. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
P2P
vulnerability identification
application
application layer
22. Process to identify and assess a system's security risks
javascript
Internet - Local Intranet - Trusted Sites - Restricted Sites
ARP spoofing
threat modeling
23. Protocols used in this layer (ARP
data link
cross-site scripting
IM
bytecode verifier
24. Three main cookie types
sandboxing
IM
session - persistent - tracking
application
25. Deleted when the user closes their web browser - can contain authentication-related information
cookie hijacking
input validation criteria
session cookie
open mail relay
26. OSI model layers
Application - Presentation - Session - Transport - Network - Data Link - Physical
stack
session cookie
application review
27. Categories of XSS
data link
ActiveX
vulnerability identification
reflected and stored
28. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
presentation
input validation
input validation criteria
packet sniffer
29. OSI layer that provides interhost communication (Named Pipes
session
data link
presentation
physical
30. Attackers sniff network traffic and capture a cookie download - or gain access to a computer and view locally stored cookies
application review
input validation criteria
Application - Presentation - Session - Transport - Network - Data Link - Physical
cookie hijacking
31. OSI layer that establishes - manages and terminates the connections between the local and remote application
presentation
session
physical
application layer
32. Security zone options offered by Internet Explorer
cookie hijacking
persistent cookie
Internet - Local Intranet - Trusted Sites - Restricted Sites
presentation
33. Buffer overflow and cross-site scripting attacks target this OSI layer
application layer
cookie hijacking
cookies
presentation
34. OSI layer that provides transparent transfer of data between end users
security objective definition
reflected and stored
common off the shelf
transport
35. COTS stands for
data link
common off the shelf
address resolution protocol
stored XSS
36. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
common off the shelf
P2P
network
application review
37. Sensitive information stored within a cookie that is obtained by unauthorized users
cookie leaking
threat modeling
ARP spoofing
application
38. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
cookies
application
cookie attacks
39. P2P stands for...
network
application gateways
input validation criteria
peer to peer
40. A Microsoft-created technology that enables software applications to share and reuse software components - may be used to access files on the local system or the system registry
drive by download
cookie attacks
session cookie
ActiveX
41. The unauthorized modification of the data stored within a cookie
physical
transport
cookie poisoning
heap
42. OSI layer responsible for path determination and logical addressing - routers operate at this layer
network
javascript
P2P
application
43. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
cookie hijacking
address resolution protocol
packet sniffer
stored XSS
44. Area of the memory where dynamically allocated variables are stored
P2P
XSS attacks
application decomposition
heap
45. XSS stands for
peer to peer
cross-site scripting
persistent cookie
application decomposition
46. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand-alone programs
transport
java
misconfigured mail server
security objective definition
47. OSI layer 2 - verifies that the connection between two devices is intact (i.e. physical addressing)
stack and heap
data link
stored XSS
application
48. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
threat identification
vbscript and jscript
cookie attacks
transport
49. A method of code signing - allows developers to obtain a digital certificate generated by a certificate authority and digitally sign ActiveX controls
cross-site scripting
reflected and stored
digitally signed java control
authenticode
50. Used by java to verify the code for a list of predetermined insecurities
P2P
bytecode verifier
input validation criteria
session - persistent - tracking