SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Security zone options offered by Internet Explorer
threat identification
Internet - Local Intranet - Trusted Sites - Restricted Sites
application decomposition
stored XSS
2. OSI layer responsible for path determination and logical addressing - routers operate at this layer
network
heap
common off the shelf
stored XSS
3. Can leave the sandbox and obtain access to client resources
drive by download
presentation
persistent cookie
digitally signed java control
4. Protocols used in this layer - IP
vulnerability identification
application gateways
network
session - persistent - tracking
5. Cause of open SMTP relays
security objective definition
application decomposition
misconfigured mail server
cookie hijacking
6. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
input validation
P2P
transport
sandboxing
7. OSI model layers
tracking cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
security objective definition
application
8. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
cookies
sandboxing
transport
stored XSS
9. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
session - persistent - tracking
cookies
IM
security objective definition - application review - application decomposition - threat identification - vulnerability identification
10. OSI layer responsible for data representation and encryption (MIME
data link
input validation criteria
presentation
stack
11. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
input validation criteria
presentation
application review
heap
12. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
authenticode
bytecode verifier
tracking cookie
security objective definition
13. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
data link
application
peer to peer
bytecode verifier
14. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
misconfigured mail server
stored XSS
application
session cookie
15. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
data link
cookie leaking
session
16. Categories of XSS
reflected and stored
vbscript and jscript
heap
vulnerability identification
17. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie leaking
network
cookie attacks
network
18. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
open mail relay
bytecode verifier
session cookie
19. The unauthorized modification of the data stored within a cookie
XSS attacks
P2P
cookie poisoning
java
20. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
network
XSS attacks
application review
reflected and stored
21. Area of the memory where dynamically allocated variables are stored
transport
bytecode verifier
heap
reflected and stored
22. P2P stands for...
XSS
zones
peer to peer
transport
23. Process to identify and assess a system's security risks
threat modeling
reflected XSS
heap
ActiveX
24. Used by java to verify the code for a list of predetermined insecurities
presentation
bytecode verifier
sandboxing
cookie attacks
25. XSS stands for
physical
IM
buffer overflow
cross-site scripting
26. A scripting language - developed by Netscape to perform client-side web development
stack
javascript
heap
Internet - Local Intranet - Trusted Sites - Restricted Sites
27. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
data link
input validation
application decomposition
presentation
28. Three main cookie types
session - persistent - tracking
java
session cookie
XSS attacks
29. Deleted when the user closes their web browser - can contain authentication-related information
session
physical
cross-site scripting
session cookie
30. Protocols used in this layer (ARP
session cookie
data link
common off the shelf
input validation criteria
31. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
session
presentation
drive by download
input validation
32. Type - length - format - range
cross-site scripting
transport
input validation criteria
cookie leaking
33. Used to record user's web activity - may be downloaded in the background
peer to peer
tracking cookie
open mail relay
presentation
34. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
application
cookies
network
ARP spoofing
35. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
P2P
stack and heap
threat modeling
36. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
vbscript and jscript
input validation criteria
misconfigured mail server
session cookie
37. ARP stands for...
vulnerability identification
session
java
address resolution protocol
38. OSI layer that provides transparent transfer of data between end users
transport
physical
application
vulnerability identification
39. OSI layer that relates to the physical connection of two devices (i.e. RS-232
Internet - Local Intranet - Trusted Sites - Restricted Sites
application
XSS
physical
40. OSI layer responsible for network processes to application
buffer overflow
session cookie
bytecode verifier
application
41. OSI layer that establishes - manages and terminates the connections between the local and remote application
security objective definition - application review - application decomposition - threat identification - vulnerability identification
bytecode verifier
tracking cookie
session
42. Area of the memory where function calls are stored
stack
physical
XSS attacks
reflected and stored
43. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
stack
reflected XSS
XSS attacks
misconfigured mail server
44. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
data link
application layer
java
javascript
45. Sensitive information stored within a cookie that is obtained by unauthorized users
ARP spoofing
network
cookie leaking
XSS
46. COTS stands for
session - persistent - tracking
persistent cookie
java
common off the shelf
47. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
java
cookie attacks
packet sniffer
persistent cookie
48. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
tracking cookie
vulnerability identification
network
buffer overflow
49. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application decomposition
zones
cookie attacks
session - persistent - tracking
50. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
application gateways
cookie poisoning
ActiveX
session cookie