SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The unauthorized modification of the data stored within a cookie
cookie poisoning
sandboxing
java
drive by download
2. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
threat modeling
peer to peer
sandboxing
buffer overflow
3. OSI layer attributed with 75% of malicious attacks
cookie attacks
session
application
tracking cookie
4. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
stored XSS
session cookie
stack and heap
cookie hijacking
5. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
XSS attacks
application decomposition
network
presentation
6. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
Internet - Local Intranet - Trusted Sites - Restricted Sites
packet sniffer
cookie attacks
P2P
7. Protocols used in this layer - IP
input validation criteria
Internet - Local Intranet - Trusted Sites - Restricted Sites
cookie leaking
network
8. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
physical
physical
stored XSS
input validation
9. Used to record user's web activity - may be downloaded in the background
physical
java
reflected XSS
tracking cookie
10. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
misconfigured mail server
tracking cookie
application layer
data link
11. A named collection of Web sites that can be assigned a specific security level
zones
java
transport
presentation
12. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
peer to peer
stored XSS
IM
physical
13. OSI layer responsible for data representation and encryption (MIME
session - persistent - tracking
common off the shelf
presentation
digitally signed java control
14. Protocols used in this layer (ARP
threat modeling
data link
javascript
tracking cookie
15. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
bytecode verifier
peer to peer
application layer
transport
16. OSI layer that provides interhost communication (Named Pipes
session
stack and heap
persistent cookie
threat modeling
17. Type - length - format - range
sandboxing
input validation criteria
java
Application - Presentation - Session - Transport - Network - Data Link - Physical
18. Three main cookie types
heap
session - persistent - tracking
session
reflected and stored
19. Process to identify and assess a system's security risks
XSS attacks
threat modeling
drive by download
cookie leaking
20. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
reflected and stored
session
sandboxing
cookies
21. Area of the memory where dynamically allocated variables are stored
vbscript and jscript
P2P
session cookie
heap
22. Phases of threat modeling
application decomposition
Application - Presentation - Session - Transport - Network - Data Link - Physical
stored XSS
security objective definition - application review - application decomposition - threat identification - vulnerability identification
23. Deleted when the user closes their web browser - can contain authentication-related information
ActiveX
digitally signed java control
session cookie
physical
24. Categories of XSS
cookie poisoning
cross-site scripting
physical
reflected and stored
25. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
tracking cookie
presentation
physical
XSS
26. COTS stands for
drive by download
heap
reflected XSS
common off the shelf
27. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
cookie hijacking
java
authenticode
IM
28. Area of the memory where function calls are stored
heap
application review
misconfigured mail server
stack
29. OSI model layers
session
application layer
application review
Application - Presentation - Session - Transport - Network - Data Link - Physical
30. Can filter out most buffer overflow attacks
address resolution protocol
cookie hijacking
presentation
application gateways
31. Used by java to verify the code for a list of predetermined insecurities
sandboxing
peer to peer
P2P
bytecode verifier
32. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
transport
vulnerability identification
threat identification
address resolution protocol
33. P2P stands for...
drive by download
peer to peer
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cookie attacks
34. A scripting language - developed by Netscape to perform client-side web development
Internet - Local Intranet - Trusted Sites - Restricted Sites
Application - Presentation - Session - Transport - Network - Data Link - Physical
javascript
packet sniffer
35. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
common off the shelf
network
ARP spoofing
persistent cookie
36. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
ActiveX
XSS attacks
application
P2P
37. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
stack and heap
presentation
vbscript and jscript
38. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
sandboxing
session
address resolution protocol
session cookie
39. Two types of buffer overflows
stack and heap
network
heap
reflected and stored
40. OSI layer that relates to the physical connection of two devices (i.e. RS-232
reflected and stored
cookie leaking
buffer overflow
physical
41. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
input validation
XSS
session
42. Can leave the sandbox and obtain access to client resources
sandboxing
digitally signed java control
presentation
physical
43. OSI layer responsible for network processes to application
cookie hijacking
physical
application
java
44. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
application layer
security objective definition
heap
cross-site scripting
45. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
reflected XSS
physical
address resolution protocol
data link
46. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
data link
java
zones
presentation
47. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
persistent cookie
application review
packet sniffer
data link
48. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
java
XSS
authenticode
threat identification
49. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
ActiveX
packet sniffer
data link
cookie attacks
50. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
cookie hijacking
java
input validation criteria