Test 16 Flashcards

1
Q

Which of the following answers refers to a deprecated wireless authentication protocol developed by Cisco?

A

LEAP

2
Q

Which of the answers listed below refers to an open standard wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?

A

PEAP

3
Q

Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)

A

Input validation
Error and exception handling

4
Q

A situation in which a web form field accepts data other than expected (e.g., server commands) is an example of:

A

Improper input validation

5
Q

Which of the following answers refers to a countermeasure against code injection?

A

Input validation

6
Q

The term “Secure cookie” refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS connection, which helps prevent the cookie from being intercepted or tampered with during transit.

A

True

7
Q

Which of the terms listed below refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?

A

Static code analysis

8
Q

A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

A

False

9
Q

The term “Static code analysis” refers to the process of discovering application runtime errors.

A

False

10
Q

What is the purpose of code signing? (Select 2 answers)

A

Confirms the application’s source of origin
Validates the application’s integrity

11
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

A

Fuzzing

12
Q

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

A

Sandboxing

13
Q

Which of the following answers refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?

A

SEH

14
Q

Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.

A

True

15
Q

A type of user identification mechanism used as a countermeasure against automated software (such as network bots) is known as:

A

CAPTCHA

16
Q

Which of the answers listed below refers to a hardware monitoring and asset tracking method?

A

Barcode labels
QR codes
RFID tags
GPS tracking

17
Q

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

A

RFID

18
Q

Which type of software enables monitoring and tracking of mobile devices?

A

MDM

19
Q

One of the ways to prevent data recovery from a storage drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform a few more passes, overwriting the contents with random characters.

A

True

20
Q

Which of the destruction tools/methods listed below allow(s) for secure disposal of physical documents? (Select all that apply)

A

Shredding
Burning

21
Q

Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?

A

Degaussing

22
Q

A certificate of destruction is a document issued by companies that conduct secure device/document disposal. The certificate verifies proper asset destruction and can be used for auditing purposes. In the case of device disposal, the document includes a list of all the items that have been destroyed along with their serial numbers. It may also describe the destruction method, specify the location (on-site/off-site), or list the names of witnesses who oversaw the entire process.

A

True

23
Q

Which policy typically specifies the period during which certain types of data must be stored prior to disposal?

A

Data retention policy

24
Q

Vulnerability scanning: (Select all that apply)

A

Identifies lack of security controls
Identifies common misconfigurations
Passively tests security controls

25
Q

Which of the answers listed below refer to the characteristic features of static code analysis? (Select 3 answers)

A

Involves examining the code without executing it
Often used early in the development process
Examines code structure, syntax, and semantics to detect issues like syntax errors, coding standards violations, security vulnerabilities, and bugs