Sec + CH6
Quiz by cool
- Q1
Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?
Dynamic code analysis
Fuzzing
Static code analysis
Mutation testing
30s - Q2
Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?
Using secure session management
Enabling logging on the database
Performing user input validation
Implementing TLS
30s - Q3
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Appropriate access controls
Input validation
Parameterized Queries
Encoding data
30s - Q4
During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?
Improper error handling
A default configuration issue
Code exposure
SQL injection
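Q2, Q3 and Q4 all turn on the same code pattern, so here is one worked illustration of it. This is an added example written for this page, not code from the quiz or its author; it uses Python's standard sqlite3 module, and the table, usernames, passwords and function names (login_vulnerable, login_parameterized, login_validated, login_leaky_errors, login_safe_errors) are my own constructed sample, not anything from the quiz.

```python
import re
import sqlite3

# Allow-list for usernames (assumption for this example): letters, digits, underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
GENERIC_ERROR = "Login failed. Please try again."


def make_db():
    """Constructed sample data (not from the quiz): an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Q2: SQL built by string concatenation, so user text is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Q3: precompiled statement with placeholders; values are bound, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def login_validated(conn, username, password):
    """Q2: allow-list input validation layered on top of parameterization."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return login_parameterized(conn, username, password)


def login_leaky_errors(conn, username, password):
    """Q4: improper error handling, the engine error and the SQL text reach the user."""
    try:
        return {"users": login_vulnerable(conn, username, password)}
    except sqlite3.Error as exc:
        return {"error": f"{exc} -- in query: SELECT username FROM users "
                         f"WHERE username = '{username}' ..."}


def login_safe_errors(conn, username, password):
    """Proper error handling: detail goes to the server log, the user gets a generic message."""
    try:
        return {"users": login_parameterized(conn, username, password)}
    except sqlite3.Error as exc:
        print(f"[server log] database error during login: {exc!r}")  # never shown to the user
        return {"error": GENERIC_ERROR}


if __name__ == "__main__":
    db = make_db()
    # Classic injection: the '--' comment marker removes the password check.
    print(login_vulnerable(db, "alice' --", "wrong"))       # ['alice']
    print(login_parameterized(db, "alice' --", "wrong"))    # []
    # A lone quote breaks the concatenated query; the leaky handler echoes SQL back.
    print(login_leaky_errors(db, "'", "x"))
    print(login_safe_errors(db, "'", "x"))                  # {'users': []}
```

The injected username `alice' --` logs in without a password against the concatenated query, while the parameterized query simply looks for a user literally named `alice' --` and finds none. The leaky handler is the finding Ben would report in Q4: the raw database error plus the query fragment is handed to the user, which is exactly what an attacker uses to tune an injection.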
30s - Q5
The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have?
A race condition
An insecure function
De-referencing
Improper error handling
30s - Q6
Every time Susan checks code into her organization's code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this?
Continuous delivery
A security nightmare
Continuous integration
Agile development
30s - Q7
Tim is working on a change to a web application used by his organization to fix a known bug. What environment should he be working in?
Staging
Test
Development
Production
30s - Q8
Which one of the following software development models focuses on the early and continuous delivery of software?
Waterfall
Spiral
Butterfly
Agile
30s - Q9
Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?
Scalability
Elasticity
Cost effectiveness
Agility
30s - Q10
Which one of the following is not an advantage of database normalization?
Preventing injection attacks
Preventing data inconsistencies
Reducing the need for database restructuring
Making the database schema more informative
30s - Q11
What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table?
Salting
Tokenization
Masking
Hashing
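The four options in Q11 are easy to confuse, so here is an added example (written for this page, not taken from the quiz) that applies each to a constructed sample record. The record, the TokenVault class, and the helper names mask_ssn, hash_identifier and minimize are my own assumptions for illustration.

```python
import hashlib
import os
import secrets

# Constructed sample record (not from the quiz).
RECORD = {"name": "Alice Example", "ssn": "123-45-6789", "email": "alice@example.com"}


class TokenVault:
    """Tokenization: replace a personal identifier with a random surrogate and keep
    the mapping in a lookup table, so an authorised system can still cross-reference it."""

    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, value):
        if value not in self._to_token:
            token = "tok_" + secrets.token_hex(8)  # random: carries no information about value
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def detokenize(self, token):
        # Only the holder of the lookup table can reverse a token.
        return self._to_value[token]


def mask_ssn(ssn):
    """Masking: hide most characters for display; nothing is kept that could reverse it."""
    digits = ssn.replace("-", "")
    return "***-**-" + digits[-4:]


def hash_identifier(value, salt):
    """Salted hashing: one-way digest. The same value with the same salt always gives
    the same digest (records can still be joined), but no table exists to recover it,
    and a different salt yields an unrelated digest."""
    return hashlib.sha256(salt + value.encode()).hexdigest()


def minimize(record, vault, salt):
    """Apply one technique per field to a copy of the record."""
    return {
        "name": vault.tokenize(record["name"]),
        "ssn": mask_ssn(record["ssn"]),
        "email": hash_identifier(record["email"], salt),
    }


if __name__ == "__main__":
    vault = TokenVault()
    salt = os.urandom(16)
    out = minimize(RECORD, vault, salt)
    print(out)
    print(vault.detokenize(out["name"]))  # original recovered only via the lookup table
```

The property the question tests is reversibility: the token can be looked up again, the mask cannot, and the hash cannot either, even though it is deterministic for a given salt.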
30s - Q12
Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Buffer overflow
Command injection
Server-side request forgery
Cross-site request forgery
30s - Q13
What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server?
Buffer overflow
Meet-in-the-middle
Man-in-the-middle
Session hijacking
30s - Q14
Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
Code encryption
Code endorsement
Code obfuscation
Code signing
30s - Q15
What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?
DOM-based XSS
Persistent XSS
Stored XSS
Reflected XSS
30s