Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Cyber Security Study > 8.9.12 Practice Questions > Flashcards

8.9.12 Practice Questions Flashcards

1
Q

Question 1.
A software development team is working on an application that will handle sensitive user data. The team has already implemented static application security testing (SAST) in the early stages of development.
As the application nears deployment, what additional secure testing method should the team consider implementing and why?

answer
Interactive application security testing (IAST) because it can access interpreters and compilers, allowing precise identification of a problematic line of code in runtime.

Dynamic application security testing (DAST) because it can test the application after deployment and from the outside.

No additional testing is needed because SAST is sufficient for ensuring the security of the application.

Additional static application security testing (SAST) because it can identify the exact cause of a coding problem.

A

Correct Answer:
Dynamic application security testing (DAST) because it can test the application after deployment and from the outside.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Question 2.
Which of the following are the two main causes of software vulnerabilities? (Select two.)

answer
Obfuscation
Normalization:
Design flaws
Coding errors
Fuzzing

A

Correct Answer:
Design flaws

Correct Answer:
Coding errors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Question 3.
A software development team is using the Agile development life cycle model for a new project.
During a sprint, they realize that a feature they are working on is more complex than initially thought and cannot be completed within the current sprint.
What should the team do?

answer
Continue working on the feature past the end of the sprint until it is completed.

Move on to the next feature and return to the complex feature in a future sprint.

Drop the feature from the project.

Break the feature down into smaller tasks and distribute them over the next few sprints.

A

Correct Answer:
Break the feature down into smaller tasks and distribute them over the next few sprints.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Question 4.
Which of the following is considered a drawback of the Waterfall application development life cycle?

answer
Each step in the life cycle only needs to be completed once before moving on to the next one.

Requirements are determined at the beginning and are carried through to the end product.

Testing is performed throughout development.

Development is broken into Sprints.

A

Correct Answer:
Requirements are determined at the beginning and are carried through to the end product.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Question 5.
John, a software developer, is working on a project that involves creating a proprietary algorithm for his company.
He wants to ensure that even if someone gets access to the source code, they would have a hard time understanding the logic and purpose of the code.
Which secure coding concept should John use?

answer
Normalization
Code reuse
Code obfuscation
Stored procedures

A

Correct Answer:
Code obfuscation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Question 6.
Which fuzz testing program type defines new test data based on models of the input?
answer
Code signing
Memory management
Mutation-based
Generation-based

A

Correct Answer:
Generation-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Question 7.
What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?

answer
Repository
SDK
Memory management
Code signing

A

Correct Answer:
SDK

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Question 8.
As a security administrator, you have been tasked with hardening a critical application in your organization’s IT infrastructure.
The application is complex and developed by a third party. It is also designed to accept input from users. The application has unique functionalities necessary for business operations but may pose security risks.
Which of the following application hardening techniques would be the BEST solution for you to use?

answer
Control access to executable files.
Use exception rules.
Implement third-party application hardening tools.
Block process spawning.

A

Correct Answer:
Use exception rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Question 9.
Which of the following is a basic hardening guideline for applications?

answer
Update all applications with the latest patches when security bulletins are released.
Grant administrative privileges to all users.
Assume all installed applications are flawless.
Allow unrestricted access to the application.

A

Correct Answer:
Update all applications with the latest patches when security bulletins are released.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Question 10.
You are a security administrator for a large corporation. One of your applications has been experiencing frequent attacks where threat agents are creating new processes from existing ones, leading to system instability and potential data breaches.
Which application hardening technique would be the MOST effective in this situation?

answer
Implement third-party application hardening tools.
Use exception rules.
Block process spawning.
Monitor logs.

A

Correct Answer:
Block process spawning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Cyber Security Study (36 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions