Chapter 4 Application Security Knowledge and Test Prep
• Press F5
• Grab a pen / pencil and paper
• Jot the answer down for each question.
• The answers will appear on the next slide

Take this prep seriously to help with Chapter 4’s exam... Hint hint
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?
A. SMTP
B. SAP
C. SPA
D. Exchange
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?
A. SMTP
B. SAP
C. SPA (Secure Password Authentication) is a Microsoft protocol used to authenticate e-mail clients.
D. Exchange
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?
A. Instant messaging
B. Cookies
C. Group policies
D. Temporary files
What are two ways to secure Internet Explorer? (Select the two best answers.)
A. Set the Internet zone’s security level to High.
B. Add malicious sites to the Trusted Sites zone.
C. Disable the pop-up blocker.
D. Disable ActiveX controls.
Which of the following concepts can ease administration but can be the victim of malicious attack?
A. Zombies
B. Backdoors
C. Buffer overflow
D. Group policy
Which of the following concepts can ease administration but can be the victim of malicious attack?
A. Zombies
B. Backdoors. Backdoors were originally created to ease administration. However, hackers quickly found that they could use these backdoors for a malicious attack.
C. Buffer overflow
D. Group policy
In an attempt to collect information about a user’s activities, which of the following will be used by spyware?
A. Session cookie
B. Tracking cookie
C. Shopping cart
D. Persistent cookie
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running?
A. Gray box
B. White box
C. Black box
D. SDLC
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running?
A. Gray box. A gray box test is when you are given limited information about the system you are testing.
B. White box
C. Black box
D. SDLC
An attacker takes advantage of a vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated?
A. Directory traversal
B. Command injection
C. Buffer overflow
D. Code overflow
You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do?
A. Install antivirus software
B. Install pop-up blockers
C. Install screensavers
D. Install a host-based firewall
Which of the following attacks uses a JavaScript image tag in an e-mail?
A. SQL injection
B. Cross-site request forgery
C. XSS - Cross-site scripting
D. Directory traversal
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)
A. Have the user contact the webmaster.
B. Have the user check for HTTPS://.
C. Have the user click the padlock in the browser and verify the certificate.
D. Have the user call the ISP.
Again, use this Chapter 4 prep to help with Exam #2 (Chapters 4 & 5)