SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Enticing a user to execute malicious code stored on a web server (i.e. via hyperlink in an email)
session
packet sniffer
reflected XSS
presentation
2. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
digitally signed java control
bytecode verifier
P2P
session - persistent - tracking
3. OSI layer responsible for end-to-end connections and reliability (i.e. TCP
transport
peer to peer
presentation
application
4. Protocols in this layer NNTP
security objective definition - application review - application decomposition - threat identification - vulnerability identification
physical
vulnerability identification
application
5. Categories of XSS
cookie leaking
reflected and stored
physical
buffer overflow
6. Used by java to verify the code for a list of predetermined insecurities
physical
application gateways
bytecode verifier
input validation criteria
7. Deleted when the user closes their web browser - can contain authentication-related information
security objective definition
session cookie
sandboxing
IM
8. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
peer to peer
session
XSS
physical
9. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
cookie hijacking
session - persistent - tracking
stack
ARP spoofing
10. Area of the memory where function calls are stored
stack
session cookie
peer to peer
XSS
11. Sensitive information stored within a cookie that is obtained by unauthorized users
cookies
application review
network
cookie leaking
12. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
XSS attacks
application
address resolution protocol
presentation
13. OSI layer responsible for path determination and logical addressing - routers operate at this layer
P2P
network
physical
Internet - Local Intranet - Trusted Sites - Restricted Sites
14. Tools used to capture packets of data off a network and allow viewing of contents
packet sniffer
session
address resolution protocol
application gateways
15. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
application review
P2P
reflected XSS
transport
16. OSI layer attributed with 75% of malicious attacks
packet sniffer
application
cookie poisoning
buffer overflow
17. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
sandboxing
input validation
vbscript and jscript
persistent cookie
18. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
packet sniffer
physical
ARP spoofing
transport
19. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
session
application layer
presentation
threat identification
20. Attacks targeting buffer overflow and cross-site scripting attack this OSI layer
packet sniffer
input validation
authenticode
application layer
21. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
input validation criteria
P2P
stack
vbscript and jscript
22. Area of the memory where dynamically allocated variables are stored
XSS
heap
digitally signed java control
application review
23. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
P2P
java
persistent cookie
presentation
24. Phases of threat modeling
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cookie leaking
authenticode
XSS attacks
25. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
data link
peer to peer
ActiveX
cookie leaking
26. Cause of open SMTP relays
cookie poisoning
ActiveX
peer to peer
misconfigured mail server
27. OSI layer responsible for data representation and encryption (MIME
reflected and stored
bytecode verifier
vbscript and jscript
presentation
28. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
tracking cookie
presentation
security objective definition
data link
29. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
buffer overflow
XSS
P2P
cross-site scripting
30. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
cookie attacks
Application - Presentation - Session - Transport - Network - Data Link - Physical
peer to peer
vulnerability identification
31. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
presentation
cookie leaking
bytecode verifier
32. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
application
physical
cookie attacks
application
33. OSI layer that establishes - manages and terminates the connections between the local and remote application
application decomposition
session
digitally signed java control
vbscript and jscript
34. Two types of buffer overflows
stack
stack and heap
P2P
open mail relay
35. OSI layer that relates to the physical connection of two devices (i.e. RS-232
stored XSS
network
session
physical
36. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
Internet - Local Intranet - Trusted Sites - Restricted Sites
sandboxing
vulnerability identification
network
37. Can leave the sandbox and obtain access to client resources
persistent cookie
transport
application review
digitally signed java control
38. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
bytecode verifier
application
cookie leaking
39. P2P stands for...
physical
stack and heap
peer to peer
heap
40. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
stack and heap
physical
network
41. OSI layer that provides interhost communication (Named Pipes
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session
application review
data link
42. Process to identify and assess a system's security risks
threat modeling
transport
session
ActiveX
43. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
presentation
ActiveX
data link
session cookie
44. Three main cookie types
stored XSS
session - persistent - tracking
data link
buffer overflow
45. The unauthorized modification of the data stored within a cookie
session - persistent - tracking
ARP spoofing
application gateways
cookie poisoning
46. A scripting language - developed by Netscape to perform client-side web development
session - persistent - tracking
javascript
presentation
misconfigured mail server
47. COTS stands for
java
cookie attacks
common off the shelf
peer to peer
48. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
data link
open mail relay
transport
packet sniffer
49. Protocols used in this layer - IP
network
cookie attacks
P2P
application decomposition
50. Protocols used in this layer (ARP
cookies
data link
cookie leaking
tracking cookie