SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Domain4 Application Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Can filter out most buffer overflow attacks
packet sniffer
application gateways
presentation
transport
2. Attackers sniff network traffic and capture a cookie download or gain access to a computer and view locally stored cookie
stack and heap
authenticode
application
cookie hijacking
3. OSI layer defines the electrical / physical device specs (media - signal - and binary transmission). This includes the layout of pins - voltages - cable specifications - hubs - network adapters - host bus adapters and more.
application decomposition
P2P
packet sniffer
physical
4. Malicious code stored in a web application that is downloaded and executed without the user's knowledge
presentation
threat modeling
network
stored XSS
5. The unauthorized modification of the data stored within a cookie
P2P
reflected XSS
packet sniffer
cookie poisoning
6. A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs
stack
input validation
java
peer to peer
7. This layer formats and encrypts data to be sent across a network - providing freedom from compatibility problems - sometimes called the syntax layer
presentation
authenticode
Internet - Local Intranet - Trusted Sites - Restricted Sites
Application - Presentation - Session - Transport - Network - Data Link - Physical
8. Server misused to forward spam - DoS conditions - damage to brand - blacklist on spam sites are risks associated with
open mail relay
application decomposition
tracking cookie
persistent cookie
9. Sensitive information stored within a cookie that is obtained by unauthorized users
bytecode verifier
cookie leaking
security objective definition - application review - application decomposition - threat identification - vulnerability identification
presentation
10. A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls
authenticode
Internet - Local Intranet - Trusted Sites - Restricted Sites
threat modeling
data link
11. Area of the memory where function calls are stored
stack
data link
common off the shelf
application
12. Protocols used in this layer (ARP
authenticode
data link
application review
session cookie
13. XSS stands for
drive by download
network
data link
cross-site scripting
14. Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality
peer to peer
vbscript and jscript
packet sniffer
transport
15. Security objectives placed on an application are identified - controlling the scope of the threat modeling process
application review
security objective definition
vulnerability identification
zones
16. Process to identify and assess a system's security risks
java
input validation
threat modeling
ARP spoofing
17. Can leave the sandbox and obtain access to client resources
address resolution protocol
session
digitally signed java control
common off the shelf
18. Three main cookie types
security objective definition - application review - application decomposition - threat identification - vulnerability identification
presentation
session
session - persistent - tracking
19. An attack that occurs when malicious code is injected into a web site - where it is downloaded and executed by other users
XSS
application decomposition
presentation
P2P
20. ARP stands for...
cookie leaking
address resolution protocol
zones
presentation
21. More data is put into a buffer than it was designed to hold - can be caused deliberately by hackers to run malicious code
session
data link
data link
buffer overflow
22. A microsoft created technology that enables software applications to share and reuse software components - maybe used to access files on local system or system registry
common off the shelf
IM
application
ActiveX
23. Used to record user's web activity - may be downloaded in the background
presentation
tracking cookie
transport
vulnerability identification
24. A scripting language - developed by Netscape to perform client-side web development
session
javascript
peer to peer
threat modeling
25. The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling
vulnerability identification
presentation
physical
session - persistent - tracking
26. Two types of buffer overflows
application
stack and heap
vbscript and jscript
IM
27. Protocols in this layer NNTP
physical
data link
application
presentation
28. OSI layer that relates to the physical connection of two devices (i.e. RS-232
physical
common off the shelf
ARP spoofing
application gateways
29. IP address exposure - download of worm/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with
peer to peer
IM
session
digitally signed java control
30. Area of the memory where dynamically allocated variables are stored
heap
physical
address resolution protocol
stored XSS
31. Enable the cookie secure-bit setting - avoid using cookies to hold sensitive data - block third-party cookies will prevent ______
cookie attacks
java
stored XSS
ActiveX
32. OSI layer responsible for data representation and encryption (MIME
presentation
vbscript and jscript
heap
java
33. Used by java and javascript to isolate executing code in a reserved area of memory to limit damage of malicious code
tracking cookie
sandboxing
vbscript and jscript
transport
34. Security zone options offered by Internet Explorer
Internet - Local Intranet - Trusted Sites - Restricted Sites
cookie leaking
input validation criteria
data link
35. Used by java to verify the code for a list of predetermined insecurities
cookie attacks
bytecode verifier
address resolution protocol
reflected XSS
36. Number one safeguard against buffer overflow - XSS - data injection - and DoS attacks
P2P
sandboxing
tracking cookie
input validation
37. Have a timeout value - are not deleted when the user closes their web brower - used to store user preferences and information about the use connection
session
network
session cookie
persistent cookie
38. OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)
Internet - Local Intranet - Trusted Sites - Restricted Sites
physical
transport
data link
39. A named collection of Web sites that can be assigned a specific security level
zones
security objective definition - application review - application decomposition - threat identification - vulnerability identification
cookie hijacking
application review
40. OSI layer responsible for path determination and logical addressing - routers operate at this layer
vulnerability identification
network
data link
cookie hijacking
41. Each client is a peer and serves each other client on the network - requires client application and appropriate open network ports to operate
reflected and stored
XSS
peer to peer
reflected XSS
42. Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling
common off the shelf
security objective definition - application review - application decomposition - threat identification - vulnerability identification
session cookie
application review
43. Ensure data input is validated - encode user supplied data - don't click on unknown hyperlinks - implement restrictive web browser security zones are preventative measures against
session
misconfigured mail server
network
XSS attacks
44. OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer
packet sniffer
IM
application
data link
45. Categories of XSS
tracking cookie
security objective definition - application review - application decomposition - threat identification - vulnerability identification
XSS
reflected and stored
46. Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences
session
application gateways
XSS attacks
cookies
47. Protocols used in this layer - IP
network
misconfigured mail server
ARP spoofing
threat modeling
48. Phases of threat modeling
reflected XSS
stored XSS
security objective definition - application review - application decomposition - threat identification - vulnerability identification
packet sniffer
49. Target for trojans and viruses - used to transfer stolen/pirated data - unintentional disclosure of data are risks associated with
XSS
P2P
open mail relay
threat identification
50. Phase of threat modeling that reviews application ingress and egress data flow and trust boundaries
application layer
application decomposition
input validation
security objective definition