6 Application Security

Question 1

What is the purpose of a standardized software development life cycle?

Answer 1

To move software through development, test, staging, and production environments.

Question 2

What should developers understand regarding code reuse?

Answer 2

The issues associated with code reuse and software diversity.

Question 3

Which organization provides industry-standard principles for web application development?

Answer 3

Open Worldwide Application Security Project (OWASP).

Question 4

Name a common vulnerability that software applications may suffer from.

Answer 4

Memory injection, buffer overflow, race condition.

Question 5

What are two web-specific attacks that security professionals should understand?

Answer 5

Structured Query Language injection (SQLi), cross-site scripting (XSS).

Question 6

How can application security be prioritized in operations?

Answer 6

By protecting code through input validation.

Question 7

What is an important security measure for cookies used in web applications?

Answer 7

Transport encryption.

Question 8

What should be routinely done to code to ensure security?

Answer 8

Code review, static and dynamic testing.

Question 9

What does code signing provide to end users?

Answer 9

Assurance that code came from a trusted source.

Question 10

What is the purpose of sandboxing in application security?

Answer 10

To test code in an isolated environment.

Question 11

What is one main benefit of automation in secure operations?

Answer 11

Achieving efficiency and saving time.

Question 12

List two drawbacks of automation.

Answer 12

• Complexity
• Cost

Question 13

What is a drawback of creating automation in security operations?

Answer 13

Creating a single point of failure.

Question 14

Name a common use case of automation and scripting for cybersecurity.

Answer 14

User and resource provisioning, managing security groups.

Question 15

What does continuous integration and testing involve in cybersecurity?

Answer 15

Automation and scripting techniques.

Question 16

Fill in the blank: One benefit of automation is _______.

Answer 16

[workforce multiplier]

Question 17

True or False: Automation in security operations can lower reaction times.

Answer 17

True.

Question 18

What can technical debt in automation lead to?

Answer 18

Maintenance, ongoing supportability issues.

Question 19

What is a use case for application programming interfaces (APIs) in cybersecurity?

Answer 19

Creating and escalating tickets.