SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
physical
security objective definition - application review - application decomposition - threat identification - vulnerability identification
drive by download
application decomposition
2. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
tracking cookie
sandboxing
common off the shelf
data link
3. Protocols in this layer NNTP
vbscript and jscript
drive by download
application
cross-site scripting
4. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
drive by download
network
persistent cookie
5. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
vbscript and jscript
persistent cookie
stack
application
6. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
peer to peer
XSS
P2P
Internet - Local Intranet - Trusted Sites - Restricted Sites
7. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
P2P
application
data link
application review
8. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
reflected XSS
Internet - Local Intranet - Trusted Sites - Restricted Sites
packet sniffer
9. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
cookie leaking
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session
IM
10. Protocols used in this layer (ARP
application review
application
session
data link
11. The unauthorized modification of the data stored within a cookie
cookie poisoning
stack and heap
reflected and stored
buffer overflow
12. Used by java to verify the code for a list of predetermined insecurities
bytecode verifier
reflected XSS
input validation
stored XSS
13. OSI layer that establishes - manages and terminates the connections between the local and remote application
peer to peer
physical
session
presentation
14. P2P stands for...
peer to peer
digitally signed java control
ActiveX
data link
15. Sensitive information stored within a cookie that is obtained by unauthorized users
security objective definition - application review - application decomposition - threat identification - vulnerability identification
reflected XSS
application
cookie leaking
16. OSI layer attributed with 75% of malicious attacks
application
application layer
common off the shelf
session
17. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
input validation
java
physical
application gateways
18. COTS stands for
authenticode
common off the shelf
tracking cookie
address resolution protocol
19. A scripting language - developed by Netscape to perform client-side web development
cookie attacks
IM
javascript
tracking cookie
20. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
application
cookies
ARP spoofing
packet sniffer
21. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
session
application gateways
cookie attacks
buffer overflow
22. Categories of XSS
cookie attacks
transport
threat identification
reflected and stored
23. OSI layer responsible for path determination and logical addressing - routers operate at this layer
stack and heap
XSS
presentation
network
24. Type - length - format - range
transport
zones
input validation criteria
Application - Presentation - Session - Transport - Network - Data Link - Physical
25. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
physical
misconfigured mail server
common off the shelf
26. A named collection of Web sites that can be assigned a specific security level
buffer overflow
zones
digitally signed java control
XSS
27. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
XSS
threat modeling
cookie poisoning
reflected XSS
28. Protocols used in this layer - IP
zones
IM
XSS
network
29. Three main cookie types
peer to peer
session - persistent - tracking
threat identification
heap
30. OSI layer that provides transparent transfer of data between end users
authenticode
transport
cookie hijacking
input validation
31. OSI layer responsible for network processes to application
session
application
java
input validation criteria
32. OSI layer responsible for data representation and encryption (MIME
transport
presentation
data link
stack and heap
33. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
common off the shelf
network
vulnerability identification
persistent cookie
34. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
application decomposition
peer to peer
P2P
35. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
peer to peer
application gateways
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cross-site scripting
36. Tools used to capture packets of data off a network and allow viewing of contents
cookies
threat identification
common off the shelf
packet sniffer
37. OSI layer that provides interhost communication (Named Pipes
vbscript and jscript
digitally signed java control
session
sandboxing
38. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
network
cookie attacks
application review
cookies
39. XSS stands for
XSS attacks
cross-site scripting
session
vbscript and jscript
40. Deleted when the user closes their web browser - can contain authentication-related information
bytecode verifier
zones
physical
session cookie
41. Phases of threat modeling
P2P
security objective definition - application review - application decomposition - threat identification - vulnerability identification
Application - Presentation - Session - Transport - Network - Data Link - Physical
input validation
42. Area of the memory where dynamically allocated variables are stored
session - persistent - tracking
transport
heap
P2P
43. Can filter out most buffer overflow attacks
P2P
application gateways
cookie attacks
application review
44. ARP stands for...
address resolution protocol
zones
XSS
bytecode verifier
45. Cause of open SMTP relays
misconfigured mail server
physical
cookie poisoning
peer to peer
46. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
transport
threat identification
peer to peer
ActiveX
47. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
heap
P2P
security objective definition
authenticode
48. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
packet sniffer
cookie attacks
stored XSS
data link
49. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
sandboxing
network
zones
java
50. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
drive by download
network
open mail relay
buffer overflow