application defense

Question 1

a programming language designed to handle the occurrence of exceptions

Answer 1

error and exception handling

Question 2

special conditions that change the normal flow of program executions

Answer 2

exceptions

Question 3

the process of ensuring that a programs operates on clean, correct, and useful data is called

Answer 3

input validation

Question 4

this mode makes it more difficult for malicious software to be installed on the computer

Answer 4

enable protected mode from internet explorer

Question 5

it is used by internet explorer to control add-ons

Answer 5

ActiveX

Question 6

text files, stored on a computer to save information about your preferences, browser settings, and web page preferences

Answer 6

cookies

Question 7

cookies used by the site you are visiting

Answer 7

first party cookies

Question 8

cookies placed by sites linked to the site you are visiting

Answer 8

third party cookies

Question 9

software that allows users to share contents and access contents shared by other users

Answer 9

peer-to-peer (P2P)

Question 10

this attack uses LDAP statements with arbitrary commands to exploit Web-based applications with access to a directory service.

Answer 10

LDAP injection

Question 11

this attack injects and executes unwanted commands on the application

Answer 11

command injection

Question 12

this attack includes database commands and those commands subsequently execute on the server.

Answer 12

SQL injection

Question 13

this attacked forces a program to load a dynamic-link library (DLL).

Answer 13

DLL injection

Question 14

this attack uses specific characters to traverse to the parent directory in a file system

Answer 14

Directory traversal

Question 15

the process of including invalid data in an HTTP response header.

Answer 15

Header manipulation

Question 16

this attack exploits computer application vulnerabilities before they are known and patched by the application’s developer

Answer 16

Zero-day

Question 17

this attack exploits vulnerabilities in client applications that interact with a malicious server

Answer 17

Client-side

Question 18

if run-time failures within if the code doesn’t produce memory leaks, garbled data, or invalid output; the application code is considered to be

Answer 18

exception-safe

Question 19

a software testing technique that detects security problems by providing invalid, unexpected, or random data to the inputs of an application is called

Answer 19

fuzz testing

Question 20

a systematic examination of an application’s source code is called

Answer 20

code review

Question 21

a set of requirements to establish a standard configuration for all systems.

Answer 21

baselines

Question 22

the process of testing an application under development

Answer 22

configuration testing