Application Security

1. What key combination should be used to close a pop-up window?


2. Which statement best applies to the term Java applet?


3. Which of the following concepts can ease administration but can be the victim of a malicious attack?


4. What is it called when a web script runs in its own environment and does not interfere with other processes?


5. How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)


6. To code applications in a secure manner, what is the best practice to use?


7. An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running?


8. You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted?
test; etc/passwd


9. An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated?


10. Which of the following attacks uses a JavaScript image tag in an e-mail?


11. Which of the following should occur first when developing software?


12. You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do?


13. You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occurred?


14. Which of the following best describes a protective countermeasure for SQL injection?


15. You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice?


16. Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software?


17. Which of the following will allow the triggering of a security alert because of a tracking cookie?


18. Which of the following encompasses application patch management?


19. Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?


20. What are two ways to secure a Microsoft-based web browser? (Select the two best answers.)


21. Heaps and stacks can be affected by which of the following attacks?


22. As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?


23. In an attempt to collect information about a user’s activities, which of the following will be used by spyware?


24. What’s the best way to prevent SQL injection attacks on web applications?


25. Your organization’s servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used?