Test 16 Flashcards
Which of the following answers refers to a deprecated wireless authentication protocol developed by Cisco?
LEAP
Which of the answers listed below refers to an open standard wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?
PEAP
Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)
Input validation
Error and exception handling
A situation in which a web form field accepts data other than expected (e.g., server commands) is an example of:
Improper input validation
Which of the following answers refers to a countermeasure against code injection?
Input validation
The term “Secure cookie” refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS connection, which helps prevent the cookie from being intercepted or tampered with during transit.
True
Which of the terms listed below refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?
Static code analysis
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.
False
The term “Static code analysis” refers to the process of discovering application runtime errors.
False
What is the purpose of code signing? (Select 2 answers)
Confirms the application’s source of origin
Validates the application’s integrity
The practice of finding vulnerabilities in an application by feeding it incorrect input is called:
Fuzzing
In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:
Sandboxing
Which of the following answers refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?
SEH
Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.
True
A type of user identification mechanism used as a countermeasure against automated software (such as network bots) is known as:
CAPTCHA