Dev Flashcards

1
Q

What are the top three of the OWASP Top 10 web application security risks?

A. Insecure Direct Object Reference
B. Cross-Site Request Forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Injection
E. Sensitive Data Exposure
F. Security Misconfiguration
G. Broken Authentication and Session Management
H. Using Components with Known Vulnerabilities
A

C, D, G

2
Q

This is the act of sending random data to the target program in order to trigger failures.

A

Fuzzing

3
Q

Various levels of testing should be carried out during development. Which of the following is not a testing type?

A. Acceptance
B. Regression
C. Aggregation
D. Integration
E. Unit
A

Acceptance testing = Ensuring code meets customer requirements

Regression testing = Testing after changes take place

Integration = verifying components work together in the production environment.

Unit = testing individual components. Mature developers develop unit tests for their modules before they even start coding or in parallel. Known as TEST-DRIVEN development.

4
Q

This type of programming provides modularity, reusability, and more granular control within the programs themselves compared to classical programming languages.

A

Object-oriented programming

OOP

5
Q

This type of XSS attack exploits the lack of proper input or output validation on dynamic websites.

A

nonpersistent XSS

6
Q

This type of XSS attack is when the attacker loads malicious code on a server that attacks visiting browsers.

A

persistent XSS

7
Q

Category of programming language that is written in binary.

A

Machine language

8
Q

A category of programming language that is not portable, is low-level, and is a symbolic representation of machine-level instructions

A

Assembly language

9
Q

Converts assembly code to machine code.

A

Assemblers

10
Q

Converts high-level language statements into the necessary machine-level format for specific processors to understand.

A

Compilers

11
Q

In the right kind of environment, this can perform the last step of transforming high-level code to machine-level code. Improves portability and handles memory management, but requires that the ___________ be installed on the local machine.

A

interpreter

12
Q

Heuristic detection approaches in antimalware products include static analysis and dynamic analysis where an AV allows a piece of the suspected code to run in a sandbox or virtual machine, sometimes called an ____________ .

A

emulation buffer

13
Q

This type of virus hides the modifications it has made to files or boot records. It can use tunneling tactics or other tactics to hide its footprint and activities.

A

Stealth virus

14
Q

This type of virus produces varied but operational copies of itself in an attempt to defeat virus scans.

A

Polymorphic virus

15
Q

Object-Oriented programming (OOP) works with classes and objects. Table, chair, couch are objects of the class furniture. The class has a set of attributes, like color, dimension, weight, style, and cost. The attributes apply to all object members in the class. This is also called _____________.

A

instantiated

16
Q

Software written in OOP has requests sent to it, usually from another object, which creates another object to carry out some sort of functionality. The objects can even be in different programming languages as long as the requesting object knows the API.

A

Just FYI

17
Q

In OOP, this is the functionality or procedure an object can carry out

A

method

18
Q

Objects ____________ the attribute values, which means this information is packaged under one name and can be reused as one entity by other objects

A

encapsulate

19
Q

This is also what encapsulation provides in OOP. Objects can have a “shared” portion, which is the API, and a “private” portion, which is how it actually works.

A

data hiding

20
Q

If a module carries out only one task, or tasks that are very similar, it is said to have high _________ . This is good because it’ll be easier to update or modify without affecting other modules.

A

cohesion

21
Q

This is a measurement that indicates how much interaction one module requires to carry out its tasks. The lower the better… lower meaning it does not need to communicate with many other modules.

A

coupling

22
Q

This manages communication between objects and enables them to interact in a heterogeneous and distributed environment.

A. Component Object Model (COM)
B. Object request broker (ORB)
C. Object Linking and embedding (OLE)
D. Common Object Request Broker Architecture (CORBA)

A

Object request broker (ORB)

23
Q

This provides a standardized way for objects within different applications, platforms, and environments to communicate. It accomplishes this by providing standards for interfaces between objects.

A. Component Object Model (COM)
B. Object request broker (ORB)
C. Object Linking and embedding (OLE)
D. Common Object Request Broker Architecture (CORBA)

A

Common Object Request Broker Architecture (CORBA)

24
Q

This provides an architecture for components to interact on a local system. The distributed version uses the same interfaces, but enables components to interact over a distributed, or networked, environment.

A. Component Object Model (COM)
B. Object request broker (ORB)
C. Object Linking and embedding (OLE)
D. Common Object Request Broker Architecture (CORBA)

A

Component Object Model (COM)

DCOM = Distributed COM

25
Q

Enables a program to call another program (linking) and permits a piece of data to be inserted inside another program or document (embedding).

A. Component Object Model (COM)
B. Object request broker (ORB)
C. Object Linking and embedding (OLE)
D. Common Object Request Broker Architecture (CORBA)

A

Object Linking and embedding (OLE)