CompTIA Security+ Cert Prep: 2 Secure Code Design and Implementation
What is the name of the application control technology built into Microsoft Windows?
AppLocker
What input validation approach works to exclude prohibited input?
Blacklisting
What type of attack seeks to write data to areas of memory reserved for other purposes?
Buffer overflow
Which one of the following is not a standard application hardening technique?
Conduct cross-site scripting
What type of object must a hacker typically access in order to engage in a session hijacking attack?
Cookie
Developers wishing to sign their code must have a _____.
Digital certificate
Alan is analyzing his web server logs and sees several strange entries that contain strings similar to ../../ in URL requests. What type of attack was attempted against his server?
Directory traversal
What attack technique wraps malicious code around a legitimate driver?
Driver shimming
Database normalization should always be used to improve database security.
FALSE
Removing names and identification numbers is usually all that is necessary to deidentify a dataset.
FALSE
Static code testing software executes code to verify that it is functioning properly.
FALSE
The DevOps model prioritizes development efforts over operational tasks.
FALSE
What is the most effective defense against cross-site scripting attacks?
Input validation
_____ consist of shared code objects that perform related functions.
Libraries
What phase of the capability maturity model introduces the reuse of code across projects?
Managed
What condition occurs when a software package fails to release memory that it reserved for use?
Memory leak
What type of fuzz testing captures real software input and modifies it?
Mutation fuzzing
What is the first step of a Fagan inspection?
Planning
What component of a change management program includes final testing that the software functions properly?
Release management
What software development methodology uses four stages in an iterative process?
Spiral
Which one of the following technologies is an example of a parameterized query?
Stored procedure
What protocol may be used to secure passwords in transit to a web application?
TLS
Which of the following is a race condition attack?
TOC/TOU
Privilege escalation attacks require a normal user account to execute.
TRUE
The main purpose of a code repository is to store the source files used in software development in a centralized location that allows for secure storage.
TRUE
What data obfuscation technique is intended to be reversible?
Tokenization
What Java clause is critical for error handling?
Try...Catch
Which one of the following is not an effective defense against XSRF attacks?
Network segmentation