Quix11 - D8 - 50Q

Description

Good Luck!
Quiz by Requiemdust Sheena, updated more than 1 year ago
Created by Requiemdust Sheena more than 4 years ago

Resource summary

Question 1

Question
Linda is reviewing posts to a user forum on her company’s website and, when she browses a certain post, a message pops up in a dialog box on her screen reading “Alert.” She reviews the source code for the post and finds the following code snippet: <script>alert('Alert');</script> Linda communicates with the vendor and determines that no patch is available to correct this vulnerability. Which one of the following devices would best help her defend the application against further attack?
Answers
  • A. VPN
  • B. WAF
  • C. DLP
  • D. IDS

Question 2

Question
Linda is reviewing posts to a user forum on her company’s website and, when she browses a certain post, a message pops up in a dialog box on her screen reading “Alert.” She reviews the source code for the post and finds the following code snippet: <script>alert('Alert');</script> What was the likely motivation of the user who posted the message on the forum containing this code?
Answers
  • A. Reconnaissance
  • B. Theft of sensitive information
  • C. Credential stealing
  • D. Social engineering

Question 3

Question
Linda is reviewing posts to a user forum on her company’s website and, when she browses a certain post, a message pops up in a dialog box on her screen reading “Alert.” She reviews the source code for the post and finds the following code snippet: <script>alert('Alert');</script> In further discussions with the vendor, Linda finds that they are willing to correct the issue but do not know how to update their software. What technique would be most effective in mitigating the vulnerability of the application to this type of attack?
Answers
  • A. Bounds checking
  • B. Peer review
  • C. Input validation
  • D. OS patching

Question 4

Question
What property of relational databases ensures that once a database transaction is committed to the database, it is preserved?
Answers
  • A. Atomicity
  • B. Consistency
  • C. Durability
  • D. Isolation

Question 5

Question
Lauren wants to use a software review process for the application she is working on. Which of the following processes would work best if she is a remote worker who works different hours from the rest of her team?
Answers
  • A. Pass around
  • B. Pair programming
  • C. Team review
  • D. Fagan inspection

Question 6

Question
Which one of the following is not a technique used by virus authors to hide the existence of their virus from antimalware software?
Answers
  • A. Stealth
  • B. Multipartitism
  • C. Polymorphism
  • D. Encryption

Question 7

Question
Which one of the following types of software testing usually occurs last and is executed against test scenarios?
Answers
  • A. Unit testing
  • B. Integration testing
  • C. User acceptance testing
  • D. System testing

Question 8

Question
What type of requirement specifies what software must do by describing the inputs, behavior, and outputs of software?
Answers
  • A. Derived requirements
  • B. Structural requirements
  • C. Behavioral requirements
  • D. Functional requirements

Question 9

Question
Which of the following organizations is widely considered as the definitive source for information on web-based attack vectors?
Answers
  • A. (ISC)2
  • B. ISACA
  • C. OWASP
  • D. Mozilla Foundation

Question 10

Question
If Chris is writing code for an application, what phase of the Agile process is he in?
Answers
  • A. Planning
  • B. Sprints
  • C. Deployment
  • D. Development

Question 11

Question
Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which one of the following rules is NOT a best practice that Lisa can configure at her network border?
Answers
  • A. Block packets with internal source addresses from entering the network.
  • B. Block packets with external source addresses from leaving the network.
  • C. Block packets with private IP addresses from exiting the network.
  • D. Block packets with public IP addresses from entering the network.

Question 12

Question
What type of attack is demonstrated in the following C programming language example? int myarray[10]; myarray[10] = 8;
Answers
  • A. Mismatched data types
  • B. Overflow
  • C. SQL injection
  • D. Covert channel

Question 13

Question
Which one of the following database issues occurs when one transaction writes a value to the database that overwrites a value that was needed by transactions with earlier precedence?
Answers
  • A. Dirty read
  • B. Incorrect summary
  • C. Lost update
  • D. SQL injection

Question 14

Question
Which one of the following is the most effective control against session hijacking attacks?
Answers
  • A. TLS
  • B. Complex session cookies
  • C. SSL
  • D. Expiring cookies frequently

Question 15

Question
Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field?
Answers
  • A. Plaintext password
  • B. Hashed password
  • C. x
  • D. *

Question 16

Question
What type of vulnerability does a TOCTOU attack target?
Answers
  • A. Lack of input validation
  • B. Race condition
  • C. Injection flaw
  • D. Lack of encryption

Question 17

Question
While evaluating a potential security incident, Harry comes across a log entry from a web server request showing that a user entered the following input into a form field: CARROT'&1=1;-- What type of attack was attempted?
Answers
  • A. Buffer overflow
  • B. Cross-site scripting
  • C. SQL injection
  • D. Cross-site request forgery

Question 18

Question
Which one of the following is not an effective control against SQL injection attacks?
Answers
  • A. Escaping
  • B. Client-side input validation
  • C. Parameterization
  • D. Limiting database permissions

Question 19

Question
What type of project management tool is shown in the figure?
Answers
  • A. WBS chart
  • B. PERT chart
  • C. Gantt chart
  • D. Wireframe diagram

Question 20

Question
In what software testing technique does the evaluator retest a large number of scenarios each time that the software changes to verify that the results are consistent with a standard baseline?
Answers
  • A. Orthogonal array testing
  • B. Pattern testing
  • C. Matrix testing
  • D. Regression testing

Question 21

Question
Which one of the following conditions may make an application most vulnerable to a cross-site scripting (XSS) attack?
Answers
  • A. Input validation
  • B. Reflected input
  • C. Unpatched server
  • D. Promiscuous firewall rules

Question 22

Question
Roger is conducting a software test for a tax preparation application developed by his company. End users will access the application over the Web, but Roger is conducting his test on the back end, evaluating the source code on the web server. What type of test is Roger conducting?
Answers
  • A. White box
  • B. Gray box
  • C. Blue box
  • D. Black box

Question 23

Question
Which of the following statements is true about heuristic-based antimalware software?
Answers
  • A. It has a lower false positive rate than signature detection.
  • B. It requires frequent definition updates to detect new malware.
  • C. It has a higher likelihood of detecting zero-day exploits than signature detection.
  • D. It monitors systems for files with content known to be viruses.

Question 24

Question
Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results?
Answers
  • A. File infector virus
  • B. MBR virus
  • C. Service injection virus
  • D. Stealth virus

Question 25

Question
Tomas discovers a line in his application log that appears to correspond with an attempt to conduct a directory traversal attack. He believes the attack was conducted using URL encoding. The line reads: %252E%252E%252F%252E%252E%252Fetc/passwd What character is represented by the %252E value?
Answers
  • A. .
  • B. ,
  • C. ;
  • D. /

Question 26

Question
An attacker posted a message to a public discussion forum that contains an embedded malicious script that is not displayed to the user but executes on the user’s system when read. What type of attack is this?
Answers
  • A. Persistent XSRF
  • B. Nonpersistent XSRF
  • C. Persistent XSS
  • D. Nonpersistent XSS

Question 27

Question
Which one of the following is not a principle of the Agile software development process?
Answers
  • A. Welcome changing requirements, even late in the development process.
  • B. Maximizing the amount of work not done is essential.
  • C. Clear documentation is the primary measure of progress.
  • D. Build projects around motivated individuals.

Question 28

Question
What are the two components of an expert system?
Answers
  • A. Decision support system and neural network
  • B. Inference engine and neural network
  • C. Neural network and knowledge bank
  • D. Knowledge bank and inference engine

Question 29

Question
Neal is working with a DynamoDB database. The database is not structured like a relational database but allows Neal to store data using a key-value store. What type of database is DynamoDB?
Answers
  • A. Relational database
  • B. Graph database
  • C. Hierarchical database
  • D. NoSQL database

Question 30

Question
In the transaction shown here, what would happen if the database failed in between the first and second update statements?
Answers
  • A. The database would credit the first account with $250 in funds but then not reduce the balance of the second account.
  • B. The database would ignore the first command and only reduce the balance of the second account by $250.
  • C. The database would roll back the transaction, ignoring the results of both commands.
  • D. The database would successfully execute both commands.

Question 31

Question
In the diagram shown here, which is an example of an attribute?
Answers
  • A. Account
  • B. Owner
  • C. AddFunds
  • D. None of the above

Question 32

Question
Which one of the following statements is true about software testing?
Answers
  • A. Static testing works on runtime environments.
  • B. Static testing performs code analysis.
  • C. Dynamic testing uses automated tools, but static testing does not.
  • D. Static testing is a more important testing technique than dynamic testing.

Question 33

Question
David is working on developing a project schedule for a software development effort, and he comes across the chart shown here. What type of chart is this?
Answers
  • A. Work breakdown structure
  • B. Functional requirements
  • C. PERT chart
  • D. Gantt chart

Question 34

Question
Barry is a software tester who is working with a new gaming application developed by his company. He is playing the game on a smartphone to conduct his testing in an environment that best simulates a normal end user, but he is referencing the source code as he conducts his test. What type of test is Barry conducting?
Answers
  • A. White box
  • B. Black box
  • C. Blue box
  • D. Gray box

Question 35

Question
Miguel recently completed a penetration test of the applications that his organization uses to handle sensitive information. During his testing, he discovered a condition where an attacker can exploit a timing condition to manipulate software into allowing him to perform an unauthorized action. Which one of the following attack types fits this scenario?
Answers
  • A. SQL injection
  • B. Cross-site scripting
  • C. Pass the hash
  • D. TOC/TOU

Question 36

Question
What part of the security review process are the input parameters shown in the diagram used for?
Answers
  • A. SQL injection review
  • B. Sprint review
  • C. Fagan inspection
  • D. Attack surface identification

Question 37

Question
What application security process can be described in these three major steps? 1. Decomposing the application 2. Determining and ranking threats 3. Determining countermeasures and mitigation
Answers
  • A. Fagan inspection
  • B. Threat modeling
  • C. Penetration testing
  • D. Code review

Question 38

Question
Which one of the following approaches to failure management is the most conservative from a security perspective?
Answers
  • A. Fail open
  • B. Fail mitigation
  • C. Fail clear
  • D. Fail closed

Question 39

Question
What software development model is shown in the figure?
Answers
  • A. Waterfall
  • B. Agile
  • C. Lean
  • D. Spiral

Question 40

Question
Which of the following database keys is used by an RDBMS to uniquely identify each row in a database table?
Answers
  • A. Foreign key
  • B. Primary key
  • C. Candidate key
  • D. Referential key

Question 41

Question
Which one of the following change management processes is initiated by users rather than developers?
Answers
  • A. Request control
  • B. Change control
  • C. Release control
  • D. Design review

Question 42

Question
Which one of the following techniques is an effective countermeasure against some inference attacks?
Answers
  • A. Input validation
  • B. Parameterization
  • C. Polyinstantiation
  • D. Server-side validation

Question 43

Question
Ursula is a government web developer who recently created a public application that offers property records. She would like to make it available for other developers to integrate into their applications. What can Ursula create to make it easiest for developers to call her code directly and integrate the output into their applications?
Answers
  • A. Object model
  • B. Data dictionary
  • C. API
  • D. Primary key

Question 44

Question
During what phase of the IDEAL model do organizations develop a specific plan of action for implementing change?
Answers
  • A. Initiating
  • B. Diagnosing
  • C. Establishing
  • D. Acting

Question 45

Question
TJ is inspecting a system where the user reported a strange error message and the inability to access files. He sees the window shown in this figure. What type of malware should TJ suspect?
Answers
  • A. Service injection
  • B. Encrypted virus
  • C. SQL injection
  • D. Ransomware

Question 46

Question
Charles is developing a mission-critical application that has a direct impact on human safety. Time and cost are less important than correctly functioning software. Which of the following software development methodologies should he choose given these requirements?
Answers
  • A. Agile
  • B. DevOps
  • C. Spiral
  • D. Waterfall

Question 47

Question
Which one of the following types of artificial intelligence attempts to use complex computations to replicate the partial function of the human mind?
Answers
  • A. Decision support systems
  • B. Expert systems
  • C. Knowledge bank
  • D. Neural networks

Question 48

Question
At which level of the Software Capability Maturity Model (SW-CMM) does an organization introduce basic life-cycle management processes?
Answers
  • A. Initial
  • B. Repeatable
  • C. Defined
  • D. Managed

Question 49

Question
Lucas runs the accounting systems for his company. The morning after a key employee was fired, systems began mysteriously losing information. Lucas suspects that the fired employee tampered with the systems prior to his departure. What type of attack should Lucas suspect?
Answers
  • A. Privilege escalation
  • B. SQL injection
  • C. Logic bomb
  • D. Remote code execution

Question 50

Question
Which one of the following principles would not be favored in an Agile approach to software development?
Answers
  • A. Processes and tools over individuals and interactions
  • B. Working software over comprehensive documentation
  • C. Customer collaboration over contract negotiations
  • D. Responding to change over following a plan