CompTIA Security+ Cert Prep: 2 Secure Code Design and Implementation


What is the name of the application control technology built-in to Microsoft Windows?

AppLocker

What input validation approach works to exclude prohibited input?

Blacklisting (also called blocklisting or denylisting; the opposite approach, whitelisting or allowlisting, accepts only known-good input)

What type of attack seeks to write data to areas of memory reserved for other purposes?

Buffer overflow

Which one of the following is not a standard application hardening technique?

Conduct cross-site scripting

What type of object must a hacker typically access in order to engage in a session hijacking attack?

Cookie

Developers wishing to sign their code must have a _____.

Digital certificate

Alan is analyzing his web server logs and sees several strange entries that contain strings similar to ../../ in URL requests. What type of attack was attempted against his server?

Directory traversal
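The log entries Alan saw are worth turning into a check. Below is an added example (not part of the course or this card set) in Python: it scans constructed access-log lines for traversal sequences, decoding URL encoding twice so that `%2e%2e` and double-encoded `%252e%252e` variants are caught, and then shows the server-side fix, a `safe_join` that resolves the requested path and refuses anything that lands outside the document root. The log lines, IP addresses and file names are made up for the demo.

```python
import os
import re
import tempfile
import urllib.parse

# Constructed access-log lines (not real server logs) in a common-log-like layout.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /images/logo.png HTTP/1.1" 200 5120
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 200 1342
10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 210
10.0.0.9 - - [10/Oct/2023:13:55:42 +0000] "GET /download?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 180
10.0.0.7 - - [10/Oct/2023:13:56:01 +0000] "GET /docs/readme.txt HTTP/1.1" 200 881
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_traversal(log_text):
    """Return (client, decoded_path, status) for every request that still contains '..'
    after URL decoding twice (catches %2e%2e as well as double-encoded %252e%252e)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        decoded = urllib.parse.unquote(urllib.parse.unquote(path))
        if ".." in decoded:
            hits.append((client, decoded, int(status)))
    return hits


def safe_join(base_dir, user_path):
    """Resolve user_path beneath base_dir; raise if the real path escapes base_dir.
    realpath() collapses '..' and follows symlinks, so the containment check sees
    the path the OS would actually open, not the string the client sent."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, urllib.parse.unquote(user_path)))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes base directory: {user_path}")
    return candidate


def demo_safe_join():
    """Exercise safe_join against a throwaway directory; returns allowed/blocked per input."""
    base = tempfile.mkdtemp()
    with open(os.path.join(base, "readme.txt"), "w") as f:
        f.write("public")
    outcome = {}
    for p in ["readme.txt", "docs/../readme.txt", "../../etc/passwd",
              "..%2F..%2Fetc%2Fpasswd", "/etc/passwd"]:
        try:
            safe_join(base, p)
            outcome[p] = "allowed"
        except PermissionError:
            outcome[p] = "blocked"
    return outcome


if __name__ == "__main__":
    for client, path, status in find_traversal(SAMPLE_LOG):
        print(f"{client} {status} {path}")
    print(demo_safe_join())
```

When triaging, the hit that matters most is the one the server answered with 200: a 403 or 404 means the attempt failed, a 200 on a traversal path means the file was served and the incident needs escalating.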

What attack technique wraps malicious code around a legitimate driver?

Driver shimming

Database normalization should always be used to improve database security.

FALSE

Removing names and identification numbers is usually all that is necessary to deidentify a dataset.

FALSE
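Why removing names and ID numbers is not enough: the remaining quasi-identifiers (ZIP code, date of birth, sex) can be joined against a public dataset that still carries names. The following added Python example (not part of the course; all records and names are constructed) runs that linkage attack against a "deidentified" extract, measures its k-anonymity, and then generalizes the quasi-identifiers until no record is unique any more.

```python
from collections import Counter

# Constructed hospital extract with names and patient IDs already removed.
MEDICAL = [
    {"zip": "02138", "dob": "1965-07-09", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02139", "dob": "1965-01-30", "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02138", "dob": "1971-03-22", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02140", "dob": "1971-11-02", "sex": "M", "diagnosis": "fracture"},
]
# Constructed public list (think voter roll) that still carries the same fields plus names.
VOTERS = [
    {"name": "A. Smith", "zip": "02138", "dob": "1965-07-09", "sex": "F"},
    {"name": "B. Jones", "zip": "02138", "dob": "1971-03-22", "sex": "M"},
    {"name": "C. Lee",   "zip": "02139", "dob": "1965-01-30", "sex": "F"},
    {"name": "D. Park",  "zip": "02140", "dob": "1971-11-02", "sex": "M"},
    {"name": "E. Cruz",  "zip": "02140", "dob": "1971-11-02", "sex": "M"},
]
QUASI = ("zip", "dob", "sex")


def key(rec, fields=QUASI):
    return tuple(rec[f] for f in fields)


def link(medical, voters, fields=QUASI):
    """Linkage attack: join on the quasi-identifiers. A unique match re-identifies
    a patient and attaches the sensitive column (diagnosis) to a real name."""
    names_by_key = {}
    for v in voters:
        names_by_key.setdefault(key(v, fields), []).append(v["name"])
    reidentified = {}
    for m in medical:
        names = names_by_key.get(key(m, fields), [])
        if len(names) == 1:
            reidentified[names[0]] = m["diagnosis"]
    return reidentified


def k_anonymity(records, fields=QUASI):
    """Size of the smallest group sharing the same quasi-identifier values.
    k == 1 means at least one record is unique and therefore linkable."""
    return min(Counter(key(r, fields) for r in records).values())


def generalize(rec):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth year only."""
    return {**rec, "zip": rec["zip"][:3] + "**", "dob": rec["dob"][:4]}


if __name__ == "__main__":
    print("k =", k_anonymity(MEDICAL), "re-identified:", link(MEDICAL, VOTERS))
    gen_med = [generalize(r) for r in MEDICAL]
    gen_vot = [generalize(v) for v in VOTERS]
    print("k =", k_anonymity(gen_med), "re-identified:", link(gen_med, gen_vot))
```

The point to take from the run: with names stripped, three of the four patients are still uniquely identifiable from ZIP, date of birth and sex, and only after the quasi-identifiers are generalized (and the k value re-checked) does the join stop producing unique matches.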

Static code testing software executes code to verify that it is functioning properly.

FALSE

The DevOps model prioritizes development efforts over operational tasks.

FALSE

What is the most effective defense against cross-site scripting attacks?

Input validation
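The two cards on input validation (blacklisting earlier on this page, and input validation as the XSS defense here) are easiest to compare in code. This added Python example, which is not from the course, shows a naive denylist being bypassed by case changes, nested tags, URL encoding and a different tag altogether, beside an allowlist that canonicalizes the input first, accepts only a username pattern, and still HTML-encodes the value on output. The sample payloads and the `looks_executable` scorer are constructed for the demo.

```python
import html
import re
import urllib.parse

# Constructed inputs (not from the page): one legitimate username, then payloads
# that slip past a naive denylist through case, nesting and encoding tricks.
SAMPLES = [
    "alice",
    "<script>alert(1)</script>",
    "<SCRIPT>alert(1)</SCRIPT>",
    "<scr<script>ipt>alert(1)</script>",
    "%3Cscript%3Ealert(1)%3C/script%3E",
    "<img src=x onerror=alert(1)>",
]

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def denylist_pipeline(value):
    """Blacklisting as it is often written: strip one known-bad token, then decode."""
    filtered = value.replace("<script>", "").replace("</script>", "")
    return urllib.parse.unquote(filtered)      # decoding AFTER the check undoes the check


def allowlist_pipeline(value):
    """Whitelisting: canonicalize first, accept only the allowed pattern, encode on output."""
    canonical = urllib.parse.unquote(value)
    if not USERNAME_RE.fullmatch(canonical):
        raise ValueError("rejected by allowlist")
    return html.escape(canonical, quote=True)  # accepted data is still encoded before rendering


def looks_executable(markup):
    """Demo scorer only: does a tag or event handler survive into the rendered markup?"""
    return re.search(r"<\s*(script|img)\b|\bonerror\s*=", markup, re.I) is not None


def evaluate(samples=SAMPLES):
    """For each sample: did the denylist let something executable through, and what
    did the allowlist pipeline produce ('rejected' or the encoded value)?"""
    results = {}
    for s in samples:
        try:
            hardened = allowlist_pipeline(s)
        except ValueError:
            hardened = "rejected"
        results[s] = {
            "denylist_executes": looks_executable(denylist_pipeline(s)),
            "allowlist_result": hardened,
        }
    return results


if __name__ == "__main__":
    for sample, verdict in evaluate().items():
        print(f"{sample!r}: {verdict}")
```

The denylist stops exactly one payload, the literal lowercase `<script>` tag, and misses the other four; the allowlist rejects all five and passes only `alice`. For free-text fields where an allowlist is not possible, the `html.escape` step is the part to keep: output encoding is what makes whatever reaches the browser inert.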

_____ consist of shared code objects that perform related functions.

Libraries

What phase of the capability maturity model introduces the reuse of code across projects?

Repeatable (Level 2, where basic lifecycle management and organized code reuse first appear; Managed is Level 4, where processes are measured quantitatively)

What condition occurs when a software package fails to release memory that it reserved for use?

Memory leak

What type of fuzz testing captures real software input and modifies it?

Mutation fuzzing
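A mutation fuzzer starts from a real, valid input and perturbs it. The added Python example below (not from the course) builds one from scratch: a constructed record parser with a deliberate bug (it trusts its own length byte), a mutator that applies bit flips, byte replacement, insertion, deletion and truncation to a valid seed record, and a fuzz loop that treats `ValueError` as a correct rejection and anything else as a crash. A fixed parser is fuzzed alongside it to show the bug is really gone. The record format and seed are invented for the demo.

```python
import random

# Constructed format: [length][payload bytes...][checksum]; checksum = sum(payload) mod 256.
SEED_INPUT = bytes([5]) + b"hello" + bytes([sum(b"hello") % 256])


def parse_record(data):
    """Buggy target: reads the checksum at data[1 + length] without checking the buffer
    actually extends that far, so an inflated or truncated record raises IndexError."""
    if len(data) < 2:
        raise ValueError("too short")
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload


def parse_record_fixed(data):
    """Same parser with the bounds check the original lacks."""
    if len(data) < 2:
        raise ValueError("too short")
    length = data[0]
    if len(data) < 2 + length:
        raise ValueError("declared length exceeds record")
    payload = data[1:1 + length]
    if sum(payload) % 256 != data[1 + length]:
        raise ValueError("bad checksum")
    return payload


def mutate(seed, rng):
    """Apply one random mutation to a copy of the captured input."""
    data = bytearray(seed)
    op = rng.choice(["flip", "replace", "insert", "delete", "truncate"])
    if op == "flip":
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == "replace":
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif op == "delete" and len(data) > 1:
        del data[rng.randrange(len(data))]
    elif op == "truncate" and len(data) > 1:
        del data[rng.randrange(1, len(data)):]
    return bytes(data)


def fuzz(target, seed, iterations=500, rng_seed=1234):
    """Run mutated inputs through target; return (input, exception name) for each crash.
    ValueError is the parser saying 'no' politely; any other exception is a finding."""
    rng = random.Random(rng_seed)          # fixed seed so a crash can be reproduced
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record, SEED_INPUT)
    print(f"buggy parser: {len(found)} crashing inputs, first: {found[0] if found else None}")
    print(f"fixed parser: {len(fuzz(parse_record_fixed, SEED_INPUT))} crashing inputs")
```

The crash inputs it finds are the ones to save as regression tests: every truncation and every inflated length byte reaches the out-of-bounds read in `parse_record`, and none of them get past the bounds check in `parse_record_fixed`.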

What is the first step of a Fagan inspection?

Planning

What component of a change management program includes final testing that the software functions properly?

Release management

What software development methodology uses four stages in an iterative process?

Spiral

Which one of the following technologies is an example of a parameterized query?

Stored procedure

What protocol may be used to secure passwords in transit to a web application?

TLS

Which of the following is a race condition attack?

TOC/TOU
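A time-of-check/time-of-use race is concrete once you can see the window. The added Python example below (not from the course) serves a file after checking it is not a symlink; an `attacker` callback stands in for the moment the scheduler hands the CPU to the attacker between the check and the use, and swaps the file for a symlink to a secret. The hardened version opens first with `O_NOFOLLOW` and validates the descriptor it holds, so there is nothing left to race. The files are created in a throwaway directory; it needs a POSIX system because of `O_NOFOLLOW` and `os.symlink`.

```python
import os
import stat
import tempfile


def setup_files():
    """Constructed scenario: a public file the service may serve and a secret it must not."""
    base = tempfile.mkdtemp()
    public = os.path.join(base, "public.txt")
    secret = os.path.join(base, "secret.txt")
    with open(public, "w") as f:
        f.write("public data")
    with open(secret, "w") as f:
        f.write("top secret")
    return public, secret


def swap_in_symlink(path, target):
    """The attacker's move in the race window: replace the name with a link to the secret."""
    os.remove(path)
    os.symlink(target, path)


def read_vulnerable(path, attacker=lambda: None):
    """Check the name, then use the name. Both steps resolve the path independently."""
    if os.path.islink(path):               # time of check
        raise PermissionError("symlinks are not allowed")
    attacker()                             # race window
    with open(path) as f:                  # time of use: resolves the name AGAIN
        return f.read()


def read_safe(path, attacker=lambda: None):
    """Open first, then validate the descriptor. The name is resolved exactly once,
    and O_NOFOLLOW makes that one resolution refuse a symlink outright."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        attacker()                         # too late: fd already refers to the real file
        st = os.fstat(fd)                  # inspect the object we hold, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size).decode()
    finally:
        os.close(fd)


def run_race():
    """Play the race against both readers; returns what each one handed back."""
    public, secret = setup_files()
    results = {}
    results["vulnerable"] = read_vulnerable(public, lambda: swap_in_symlink(public, secret))
    try:                                   # 'public' is now a symlink: the safe open refuses it
        read_safe(public)
        results["safe_on_symlink"] = "followed"
    except OSError:
        results["safe_on_symlink"] = "refused"
    os.remove(public)                      # restore the regular file and race again
    with open(public, "w") as f:
        f.write("public data")
    results["safe_after_swap"] = read_safe(public, lambda: swap_in_symlink(public, secret))
    return results


if __name__ == "__main__":
    print(run_race())
```

The general rule the example illustrates: do not check a name and then use the name; open once, then check the descriptor (`fstat`, not `stat`) and keep using that descriptor.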

Privilege escalation attacks require a normal user account to execute.

TRUE

The main purpose of a code repository is to store the source files used in software development in a centralized location that allows for secure storage.

TRUE

What data obfuscation technique is intended to be reversible?

Tokenization

What Java clause is critical for error handling?

try...catch

Which one of the following is not an effective defense against XSRF attacks?

Network segmentation
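The defenses that do work against XSRF are ones the attacker's page cannot satisfy from another origin. The added Python example below (not from the course; the site name, session IDs and request dictionaries are constructed) issues an anti-forgery token bound to the session with an HMAC, verifies it in constant time, restricts state changes to POST, and checks the `Origin` header that browsers attach to cross-site requests. A forged request carries the victim's cookie but no valid token, so it is refused.

```python
import hashlib
import hmac
import secrets

# Per-process key for the demo; a real deployment loads it from configuration (assumption).
SERVER_SECRET = secrets.token_bytes(32)
ALLOWED_ORIGINS = {"https://bank.example"}       # hypothetical site


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Token = nonce . HMAC(secret, session_id:nonce). Bound to one session, unguessable,
    and unreadable from another origin, so a cross-site form cannot include it."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, secret=SERVER_SECRET):
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)    # constant-time comparison


def handle_transfer(request, session_id, secret=SERVER_SECRET):
    """Constructed request: {'method', 'headers', 'form'}. Returns an HTTP status code.
    State changes are POST-only, need a token for THIS session, and, when the browser
    sent an Origin header, it must be our own."""
    if request["method"] != "POST":
        return 405
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", ""), secret):
        return 403
    origin = request["headers"].get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403
    return 200


def demo():
    session = "sess-7f3a"                            # the victim's authenticated session
    token = issue_csrf_token(session)
    legit = {"method": "POST", "headers": {"Origin": "https://bank.example"},
             "form": {"to": "bob", "amount": "10", "csrf_token": token}}
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "form": {"to": "mallory", "amount": "1000"}}   # cookie rides along, token does not
    guessed = {"method": "POST", "headers": {"Origin": "https://evil.example"},
               "form": {"to": "mallory", "csrf_token": "0" * 32 + "." + "0" * 64}}
    via_get = {"method": "GET", "headers": {}, "form": {"csrf_token": token}}
    other_session = {"method": "POST", "headers": {}, "form": {"csrf_token": token}}
    return {
        "legit": handle_transfer(legit, session),
        "forged": handle_transfer(forged, session),
        "guessed": handle_transfer(guessed, session),
        "via_get": handle_transfer(via_get, session),
        "other_session": handle_transfer(other_session, "sess-9c1d"),
    }


if __name__ == "__main__":
    print(demo())
```

Each refusal maps to one defense from the card's list: the missing or guessed token is the anti-forgery token check, the GET is the "no state change on safe methods" rule, the token presented with a different session ID is the session binding, and the foreign `Origin` is the origin check. None of them depends on where the attacker's network sits, which is why segmentation does not help.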
