Test 16 Flashcards
Which of the following answers refers to a deprecated wireless authentication protocol developed by Cisco?
LEAP
Which of the answers listed below refers to an open standard wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?
PEAP
Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)
Input validation
Error and exception handling
A situation in which a web form field accepts data other than expected (e.g., server commands) is an example of:
Improper input validation
Which of the following answers refers to a countermeasure against code injection?
Input validation
The term “Secure cookie” refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS connection, which helps prevent the cookie from being intercepted or tampered with during transit.
True
Which of the terms listed below refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?
Static code analysis
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.
False
The term “Static code analysis” refers to the process of discovering application runtime errors.
False
What is the purpose of code signing? (Select 2 answers)
Confirms the application’s source of origin
Validates the application’s integrity
The practice of finding vulnerabilities in an application by feeding it incorrect input is called:
Fuzzing
In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:
Sandboxing
Which of the following answers refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?
SEH
Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.
True
A type of user identification mechanism used as a countermeasure against automated software (such as network bots) is known as:
CAPTCHA
Which of the answers listed below refers to a hardware monitoring and asset tracking method?
Barcode labels
QR codes
RFID tags
GPS tracking
Which of the following wireless technologies enables identification and tracking of tags attached to objects?
RFID
Which type of software enables monitoring and tracking of mobile devices?
MDM
One of the ways to prevent data recovery from a storage drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform a few more passes, overwriting the contents with random characters.
True
Which of the destruction tools/methods listed below allow(s) for secure disposal of physical documents? (Select all that apply)
Shredding
Burning
Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?
Degaussing
A certificate of destruction is a document issued by companies that conduct secure device/document disposal. The certificate verifies proper asset destruction and can be used for auditing purposes. In the case of device disposal, the document includes a list of all the items that have been destroyed along with their serial numbers. It may also describe the destruction method, specify the location (on-site/off-site), or list the names of witnesses who oversaw the entire process.
True
Which policy typically specifies the period during which certain types of data must be stored prior to disposal?
Data retention policy
Vulnerability scanning: (Select all that apply)
Identifies lack of security controls
Identifies common misconfigurations
Passively tests security controls
Which of the answers listed below refer to the characteristic features of static code analysis? (Select 3 answers)
Involves examining the code without executing it
Often used early in the development process
Examines code structure, syntax, and semantics to detect issues like syntax errors, coding standards violations, security vulnerabilities, and bugs