Chapter 4 Application Security
Knowledge and Test Prep
• Press F5
• Grab a pen / pencil and paper
• Jot the answer down for each question.
• The answers will appear on the next slide
Take this prep seriously to help with Chapter 4’s exam... Hint hint
Which protocol can be used to secure the e-mail login
from an Outlook client using POP3 and SMTP?
A. SMTP
B. SAP
C. SPA
D. Exchange
Which protocol can be used to secure the e-mail login
from an Outlook client using POP3 and SMTP?
A. SMTP
B. SAP
C. SPA (Secure Password Authentication) is a Microsoft
protocol used to authenticate e-mail clients.
D. Exchange
As part of your user awareness training, you
recommend that users remove which of the following
when they finish accessing the Internet?
A. Instant messaging
B. Cookies
C. Group policies
D. Temporary files
What are two ways to secure Internet Explorer? (Select
the two best answers.)
A. Set the Internet zone’s security level to High.
B. Add malicious sites to the Trusted Sites zone.
C. Disable the pop-up blocker.
D. Disable ActiveX controls.
Which of the following concepts can ease
administration but can be the victim of malicious
attack?
A. Zombies
B. Backdoors
C. Buffer overflow
D. Group policy
Which of the following concepts can ease
administration but can be the victim of malicious
attack?
A. Zombies
B. Backdoors: Backdoors were originally created to
ease administration. However, hackers quickly found
that they could use these backdoors for a malicious
attack.
C. Buffer overflow
D. Group policy
In an attempt to collect information about a user’s
activities, which of the following will be used by
spyware?
A. Session cookie
B. Tracking cookie
C. Shopping cart
D. Persistent cookie
An organization hires you to test an application that
you have limited knowledge of. You are given a login
to the application, but do not have access to source
code. What type of test are you running?
A. Gray box
B. White box
C. Black box
D. SDLC
An organization hires you to test an application that
you have limited knowledge of. You are given a login
to the application, but do not have access to source
code. What type of test are you running?
A. Gray box: A gray box test is when you are given
limited information about the system you are testing.
B. White box
C. Black box
D. SDLC
An attacker takes advantage of a vulnerability in
programming, which allows the attacker to copy
more than 16 bytes to a standard 16-byte
variable. Which attack is being initiated?
A. Directory traversal
B. Command injection
C. Buffer overflow
D. Code overflow
You are the security administrator for a multimedia
development company. Users are constantly
searching the Internet for media, information,
graphics, and so on. You receive complaints from
several users about unwanted windows appearing on
their displays. What should you do?
A. Install antivirus software
B. Install pop-up blockers
C. Install screensavers
D. Install a host-based firewall
Which of the following attacks uses a JavaScript
image tag in an e-mail?
A. SQL injection
B. Cross-site request forgery
C. XSS - Cross-site scripting
D. Directory traversal
How can you train a user to easily determine
whether a web page has a valid security certificate?
(Select the best answer.)
A. Have the user contact the webmaster.
B. Have the user check for HTTPS://.
C. Have the user click the padlock in the browser and
verify the certificate.
D. Have the user call the ISP.
Again, use this Chapter 4 prep to
help with Exam #2 (Chapters 4 & 5)