Practice Test: Module 04 Endpoint and Application Development Security
Which of the following is true for KRI?
A KRI exceeding its normal bounds is not always an indicator of compromise.
Your organization is planning to be a part of the CISCP program as a partner. As an information security expert in your company, you are approached by your CEO, who wants to understand how the speed limit of public information centers like CISCP is handled. How should you explain how this speed limit is handled to him?
CISCP implements AIS, which resolves the speed limit issue of public information centers.
Which of the following HTTP response headers provides protection against injection attacks?
Content security policy
Pooja wants to make a list of confinement tools to ensure her operating system is protected from unknown file and application hazards. Which of the following should NOT be used as a confinement tool?
Honeypots
Johann is heading a project team creating a hospital accounting application using an RDBMS. When the application is tested by the company's software testing team, it is noticed that the application shows vulnerabilities when incorrect values are entered. What should Johann implement to ensure that the incorrect input vulnerabilities are removed, and values are verified before the application sends data to the database?
Implement input validation
Which of the following boot security modes provides the highest degree of security?
Measured boot
Which of the following is a coding technique wherein an application is written so that its functionality is difficult for an outsider to understand?
Obfuscation code
You download a Word file sent to you through email. When you open the file, the file is in a protected view with the option "Enable Editing" visible on top. This happens due to which of the following confinement tools?
Quarantine
Which protocol is used in AIS? (AIS: a technology that enables the exchange of cyberthreat indicators between parties through computer-to-computer communication.)
TAXII: an application protocol for exchanging cyberthreat intelligence over Hypertext Transfer Protocol Secure (HTTPS)
XYZ Company is developing an application. After a few months of initial development, they decide to go through quality assurance testing. The tests show poor results. The developers realize that they have to make changes to their application but to do so, they will have to start their development process all over again. What kind of model are they using?
Waterfall model