SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
Application - Presentation - Session - Transport - Network - Data Link - Physical
stored XSS
buffer overflow
application gateways
2. Sensitive information stored within a cookie that is obtained by unauthorized users
application decomposition
reflected and stored
application
cookie leaking
3. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
heap
vbscript and jscript
session
presentation
4. Can leave the sandbox and obtain access to client resources
cookies
P2P
digitally signed java control
transport
5. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
common off the shelf
address resolution protocol
transport
XSS attacks
6. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
reflected and stored
application
open mail relay
data link
7. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
cookie hijacking
physical
data link
input validation criteria
8. COTS stands for
misconfigured mail server
vulnerability identification
common off the shelf
reflected and stored
9. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
stack and heap
persistent cookie
cookie attacks
physical
10. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
reflected XSS
sandboxing
cookies
cookie hijacking
11. OSI layer attributed with 75% of malicious attacks
packet sniffer
physical
address resolution protocol
application
12. Protocols used in this layer - IP
XSS
network
physical
authenticode
13. Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling
peer to peer
drive by download
digitally signed java control
threat identification
14. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
input validation
session cookie
Application - Presentation - Session - Transport - Network - Data Link - Physical
cookies
15. Protocols in this layer NNTP
application
security objective definition - application review - application decomposition - threat identification - vulnerability identification
bytecode verifier
session - persistent - tracking
16. Three main cookie types
session - persistent - tracking
application layer
bytecode verifier
cross-site scripting
17. Categories of XSS
reflected and stored
peer to peer
cookie poisoning
cookie attacks
18. OSI layer that provides transparent transfer of data between end users
vulnerability identification
transport
presentation
network
19. Two types of buffer overflows
application
cross-site scripting
stack and heap
bytecode verifier
20. Used by java to verify the code for a list of predetermined insecurities
input validation criteria
buffer overflow
network
bytecode verifier
21. Allow an attacker to intercept and modifiy data sent between two network devices - hijacking of network communications - attacks data link layer
address resolution protocol
security objective definition
java
ARP spoofing
22. P2P stands for...
peer to peer
vulnerability identification
Internet - Local Intranet - Trusted Sites - Restricted Sites
application gateways
23. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
security objective definition
tracking cookie
session
peer to peer
24. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
digitally signed java control
vulnerability identification
XSS
drive by download
25. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
IM
javascript
application gateways
bytecode verifier
26. Type - length - format - range
persistent cookie
application
session
input validation criteria
27. Protocols used in this layer (ARP
application
data link
cookie leaking
input validation criteria
28. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
vbscript and jscript
session cookie
data link
tracking cookie
29. Used to record user's web activity - may be downloaded in the background
tracking cookie
session - persistent - tracking
cookie leaking
persistent cookie
30. The unauthorized modification of the data stored within a cookie
misconfigured mail server
open mail relay
cookie poisoning
input validation criteria
31. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
vulnerability identification
data link
presentation
security objective definition
32. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
cookies
Internet - Local Intranet - Trusted Sites - Restricted Sites
ActiveX
cross-site scripting
33. OSI layer that provides interhost communication (Named Pipes
session
Application - Presentation - Session - Transport - Network - Data Link - Physical
data link
XSS attacks
34. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
open mail relay
authenticode
stored XSS
P2P
35. OSI model layers
session cookie
input validation criteria
Application - Presentation - Session - Transport - Network - Data Link - Physical
application
36. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
network
heap
buffer overflow
ARP spoofing
37. Process to identify and assess a system's security risks
ARP spoofing
common off the shelf
threat modeling
persistent cookie
38. A scripting language - developed by Netscape to perform client-side web development
stored XSS
ARP spoofing
packet sniffer
javascript
39. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
network
persistent cookie
open mail relay
input validation criteria
40. ARP stands for...
address resolution protocol
common off the shelf
cookies
persistent cookie
41. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
peer to peer
application
cookie hijacking
cookies
42. Can filter out most buffer overflow attacks
data link
data link
application
application gateways
43. XSS stands for
common off the shelf
application decomposition
physical
cross-site scripting
44. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
session cookie
stack
digitally signed java control
45. OSI layer that establishes - manages and terminates the connections between the local and remote application
threat modeling
Application - Presentation - Session - Transport - Network - Data Link - Physical
application gateways
session
46. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
physical
IM
buffer overflow
47. Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed
cookie leaking
peer to peer
presentation
drive by download
48. OSI layer responsible for path determination and logical addressing - routers operate at this layer
reflected and stored
heap
network
XSS
49. Tools used to capture packets of data off a network and allow viewing of contents
packet sniffer
drive by download
network
application gateways
50. Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for
P2P
address resolution protocol
Internet - Local Intranet - Trusted Sites - Restricted Sites
reflected XSS