Application Security Quiz Flashcards

1
Q

Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)

A) Patch management
B) Input validation
C) Password protection
D) Error and exception handling
E) Application whitelisting

A

B) Input validation

D) Error and exception handling

2
Q

A situation in which a web form field accepts data other than expected (e.g., server commands) is an example of:

A) Zero-day vulnerability
B) Improper input validation
C) Default configuration
D) Improper error handling

A

B) Improper input validation

3
Q

Which of the following answers refers to a countermeasure against code injection?

A) Fuzzing
B) Input validation
C) Code signing
D) Normalization

A

B) Input validation

4
Q

Which of the terms listed below refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?

A) Input validation
B) Dynamic code analysis
C) Fuzzing
D) Static code analysis

A

D) Static code analysis

5
Q

The term “Secure cookie” refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS connection, which helps prevent the cookie from being intercepted or tampered with during transit.

A) True
B) False

A

A) True

6
Q

Dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

A) True
B) False

A

B) False

7
Q

The term “Static code analysis” refers to the process of discovering application runtime errors.

A) True
B) False

A

B) False

8
Q

What is the purpose of code signing? (Select 2 answers)

A) Disables code reuse
B) Confirms the application’s source of origin
C) Enables application installation
D) Validates the application’s integrity
E) Protects the application against unauthorized use

A

D) Validates the application’s integrity

B) Confirms the application’s source of origin

9
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

A) Normalization
B) Hardening
C) Dynamic code analysis
D) Fuzzing

A

D) Fuzzing

10
Q

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

A) Sideloading
B) Virtualization
C) Sandboxing
D) Stress testing

A

C) Sandboxing

11
Q

Which of the following answers refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?

A) EPC
B) SEH
C) EH
D) EXR

A

B) SEH

12
Q

Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.

A) True
B) False

A

A) True

13
Q

A type of user identification mechanism used as a countermeasure against automated software (such as network bots) is known as:

A) MFA
B) CAPTCHA
C) SSO
D) NIDS

A