KnowYourMemesPart2
Application Security Quiz
Test your knowledge on application security concepts with our comprehensive quiz. Designed for both newbies and experienced professionals, this quiz covers essential topics that are crucial for securing applications in today's digital landscape.
With 30 thought-provoking questions, you will learn about:
- Vulnerability assessment
- Network security
- Incident response
- Compliance tools
What are the three information security objectives?
Confidentiality, Integrity, Availability
Confidentiality, Integrity, Authentication
Classification, INFOSEC, Availability
Cryptography, Integrity, Authenticity
Which application security testing process requires developers to check their code as they write it, so that security issues are not introduced during development?
Mobile Testing
Dynamic Testing
Static Testing
Interactive Testing
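The "check the code as it is written" idea in the question above is what a static analysis rule does: it reads source text without executing it. Added example, not part of the quiz: a minimal rule written with Python's standard ast module. The source it scans is constructed for the example, and the rule set (bare eval/exec calls and subprocess calls with shell=True) is an assumed, illustrative one rather than any particular tool's ruleset.

```python
import ast

# Constructed sample source a developer might commit (not from the quiz).
SAMPLE_SOURCE = '''
import subprocess
def run(cmd):
    return subprocess.run(cmd, shell=True)
def parse(expr):
    return eval(expr)
def safe(expr):
    return int(expr)
'''

# Assumed rule set for the example: builtins that execute attacker-controlled strings.
DANGEROUS_BUILTINS = {"eval", "exec"}


def find_dangerous_calls(source: str):
    """Walk the AST and return sorted (line, description) findings.

    Two rules are implemented:
      1. a direct call to eval()/exec();
      2. any subprocess.<func>(..., shell=True), which turns the argument into a shell command.
    """
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Rule 1: bare builtin such as eval(...)
        if isinstance(func, ast.Name) and func.id in DANGEROUS_BUILTINS:
            findings.append((node.lineno, f"call to {func.id}()"))
        # Rule 2: subprocess.<func>(..., shell=True)
        if (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, f"subprocess.{func.attr}() with shell=True"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, what in find_dangerous_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {what}")
```

Because the rule inspects the syntax tree rather than matching text, `int(expr)` in the sample produces no finding while `eval(expr)` and the `shell=True` call do; a regex on the word "eval" would also have fired on a comment or a variable name.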
Which of the following types of application security features ensures that a user is who they claim to be? The factors might include something you know and/or something you have.
Authorization
Encryption
Authentication
Logging
What is the most common method of tracking a customer accessing an organization's website?
HTTP
XSS
URL
Session ID
What attack would enable an attacker who connects to the same network as the victim to monitor the network packets and read authentication tokens in plaintext during transit? This is mitigated by using HTTPS and secure cookies.
Man in the Middle
Database Access
SQL Injection
XSS Attack
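The two questions above turn on the same artifact: the session ID travels in a cookie, and the Secure attribute is what keeps that cookie off cleartext HTTP where a sniffer on the same network could read it. Added example, not part of the quiz: Python (standard library only) that generates a session ID from the OS CSPRNG, emits a Set-Cookie line with the Secure, HttpOnly and SameSite attributes, and audits an arbitrary Set-Cookie line for the ones that are missing. The weak header it audits is constructed for the example, not a real capture.

```python
import secrets
from http import cookies


def new_session_id() -> str:
    """Unguessable session identifier: 32 bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


def session_cookie_header(name: str, value: str, secure: bool = True) -> str:
    """Build one Set-Cookie header line for a session cookie.

    Secure   - the browser only sends it over HTTPS, so a LAN sniffer never sees it
    HttpOnly - script cannot read it, which blunts cookie theft via XSS
    SameSite - not attached to most cross-site requests (CSRF defence)
    """
    jar = cookies.SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    jar[name]["samesite"] = "Lax"
    if secure:
        jar[name]["secure"] = True
    return jar.output(header="Set-Cookie:")


REQUIRED_ATTRS = ("Secure", "HttpOnly", "SameSite")


def audit_set_cookie(header_line: str):
    """Return the hardening attributes missing from a single Set-Cookie header line."""
    attrs = [part.strip().split("=")[0].lower() for part in header_line.split(";")[1:]]
    return [attr for attr in REQUIRED_ATTRS if attr.lower() not in attrs]


# Constructed example of what a misconfigured application emits over plain HTTP.
WEAK_HEADER = "Set-Cookie: sid=8f3a1c2d; Path=/"

if __name__ == "__main__":
    good = session_cookie_header("sid", new_session_id())
    print(good)
    print("good header missing:", audit_set_cookie(good))
    print("weak header missing:", audit_set_cookie(WEAK_HEADER))
```

Pointing `audit_set_cookie` at headers captured from a test environment is a quick way to find session cookies that would survive the downgrade described in the man-in-the-middle question.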
Which of the following protocols provided encrypted communication for TCP connections before it was replaced by TLS?
SSL
SSH
FTP
FTPS
Which TLS component verifies that the data has not been forged or tampered with?
Integrity
Encryption
Authorization
Authentication
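Integrity in the question above means the receiver can tell that a record was not forged or altered in transit. Added example, not part of the quiz: Python that contrasts an unkeyed hash appended to the data with a keyed HMAC, then plays an on-path attacker against both. It models the MAC of the older TLS record layer (modern cipher suites fold integrity into an AEAD mode); the key and the message are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed key for the example; in TLS the MAC key is derived during the handshake.
KEY = secrets.token_bytes(32)


def protect_with_hash(data: bytes) -> bytes:
    """Unkeyed scheme: data || SHA-256(data). Anyone can recompute the digest."""
    return data + hashlib.sha256(data).digest()


def verify_hash_protected(blob: bytes) -> Optional[bytes]:
    if len(blob) < TAG_LEN:
        return None
    data, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return data if hmac.compare_digest(digest, hashlib.sha256(data).digest()) else None


def protect_with_mac(key: bytes, data: bytes) -> bytes:
    """Keyed scheme: data || HMAC-SHA256(key, data). Only key holders can produce a valid tag."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify_mac_protected(key: bytes, blob: bytes) -> Optional[bytes]:
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # Constant-time comparison so timing does not reveal how many tag bytes matched.
    return data if hmac.compare_digest(tag, expected) else None


def on_path_rewrite(blob: bytes, old: bytes, new: bytes, refresh_hash: bool) -> bytes:
    """An attacker between the endpoints edits a field.

    Without the key, the best they can do is recompute an unkeyed hash over the
    edited data (refresh_hash=True); against a keyed MAC that does not help.
    """
    data = blob[:-TAG_LEN].replace(old, new)
    tag = hashlib.sha256(data).digest() if refresh_hash else blob[-TAG_LEN:]
    return data + tag


if __name__ == "__main__":
    msg = b"transfer amount=100 to=alice"
    forged_hash = on_path_rewrite(protect_with_hash(msg), b"100", b"999", refresh_hash=True)
    forged_mac = on_path_rewrite(protect_with_mac(KEY, msg), b"100", b"999", refresh_hash=True)
    print("hash scheme accepted forgery:", verify_hash_protected(forged_hash))
    print("MAC scheme accepted forgery: ", verify_mac_protected(KEY, forged_mac))
```

The point the quiz answer compresses: a hash alone detects accidental corruption, but forgery detection requires a secret the attacker does not hold, which is why TLS uses a keyed MAC or an AEAD rather than a bare checksum.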
What kind of protection is achieved through the use of gateways, routers, firewalls, guards, and encrypted tunnels?
Security Conglomerate
Boundary Protection
Anti-Virus
Infrastructure
What server security principle dictates that each task, process, or user account is granted the minimum rights required to perform its job?
Separation of Privilege
Defense-in-depth
Simplicity
Least Privilege
Which of the following is a software- or hardware-based network security system that controls incoming and outgoing network traffic?
Firewall
Network Address Translation
Intrusion Detection System
Sensor
Which of the following is a network device or software that acts on behalf of clients to retrieve content from the internet?
Network Address Translation
Packet Filter
Firewall
Proxy
What is the goal of the vulnerability remediation/mitigation process?
Prevent changes to the AFIN
Mitigate risk to the AFIN
Eliminate vulnerability countermeasures
Remove system patches
Who is responsible for monitoring client health and assisting the NOSs with remediation of vulnerabilities that cannot be remediated with enterprise automated tools?
PMO
AFECMO
Base CFP
616 OC
Who creates pre-configured operating system images that are compliant with all applicable TCNOs and STIGs? These images are called the SDC and SSC.
DISA
AFECMO
690 NSS/AMAC
616 OC
What is a DISA-led formal inspection designed to increase accountability and the security posture of DoD Information Networks?
A&A
STIG
CCRI
Contributing Factors
What application does the DoD use to support Information Assurance and automate the Risk Management Framework process?
EMASS
STIG
PMO
CCRI
Which of the following vulnerability assessment tools performs configuration scans of servers, network devices, and databases to test for specific policy settings and can check internal security compliance?
Vulnerability Management System (VMS)
Nessus
Microsoft Endpoint Configuration Manager (MECM)
Endpoint Security System (ESS)
Which type of vulnerability assessment evaluates the policies and practices that prevent unauthorized access to private or public networks and network-accessible resources?
Network and Wireless
Application
Host
Database
Which of the following are the configuration standards for DoD IA and IA-enabled devices/systems?
DISA
SCAP
STIGs
DODIN
Which of the following is an automated compliance scanning tool that leverages the DISA STIGs and operating-system-specific baselines to analyze and report on the security configuration of an information system?
STIG Viewer
DISA
SRG
SCAP
What is a type of code that is inserted into the code of an existing program? It is typically a stop-gap measure to resolve vulnerabilities until a new full release of the software becomes available.
XSS Attack
Trojan
Patch
Vulnerabilities
What process aims to reduce the risk on systems and applications due to out-of-date code bases?
Patch Management
Vulnerability management
Configuration management
Risk Management
What platform is used by the Air Force to monitor and maintain the thousands of systems across the Air Force Network? It can record information about networked systems and automate the patch management process.
MECM
ACAS
ESS
SCAP
What applet provides configuration information of a client, the available client actions, and must be running in order to make client configuration changes or deploy software?
Windows Server Update Service
Configuration Manager
Security Center
Software Center
What automated monitoring and analysis is local to a host and would normally be running to protect specific applications from malicious activity?
HIDS
HOPS
NIPS
NIDS
Which of the following intrusion detection methods first identifies normal operations and behavior, creates a baseline, and then compares current network behavior against that baseline?
Static-Based
Dynamic-Based
Signature-Based
Anomaly-Based
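The anomaly-based method in the question above is concrete enough to code: learn what "normal" looks like during a quiet window, then alert on deviations from it. Added example, not part of the quiz: Python that builds a per-host requests-per-minute baseline from web-server log lines and flags any host in a later window whose rate exceeds its mean by more than max(3 standard deviations, an absolute floor). The log lines, hosts and thresholds are all constructed or assumed for the example.

```python
import statistics
from collections import defaultdict


def make_lines(day, hour, minute, host, n, path="/login"):
    """Constructed web-server lines: '<ISO timestamp> <src_ip> GET <path> <status>'."""
    return [f"{day}T{hour:02d}:{minute:02d}:{(i * 60) // n:02d} {host} GET {path} 200"
            for i in range(n)]


DAY = "2024-05-01"

# Baseline window (constructed): five quiet minutes from two known hosts.
BASELINE_LOG = []
for m, n in enumerate([4, 5, 4, 6, 5]):
    BASELINE_LOG += make_lines(DAY, 10, m, "10.0.0.5", n)
for m, n in enumerate([2, 3, 2, 3, 2]):
    BASELINE_LOG += make_lines(DAY, 10, m, "10.0.0.6", n)

# Detection window (constructed): 10.0.0.5 is normal, 10.0.0.6 hammers /login,
# and 10.0.0.9 was never seen while the baseline was being built.
CURRENT_LOG = (make_lines(DAY, 10, 10, "10.0.0.5", 5)
               + make_lines(DAY, 10, 10, "10.0.0.6", 40)
               + make_lines(DAY, 10, 10, "10.0.0.9", 3))


def per_host_minute_counts(lines):
    """Map (host, 'YYYY-MM-DDTHH:MM') -> number of requests in that minute."""
    counts = defaultdict(int)
    for line in lines:
        ts, host = line.split()[:2]
        counts[(host, ts[:16])] += 1
    return counts


def build_baseline(lines):
    """Per host: (mean, population stdev) of requests per minute over the baseline window.

    Minutes in which a host sent nothing are absent from the log and so are not
    counted; this baseline describes active minutes only.
    """
    series = defaultdict(list)
    for (host, _minute), n in per_host_minute_counts(lines).items():
        series[host].append(n)
    return {host: (statistics.mean(v), statistics.pstdev(v)) for host, v in series.items()}


def detect_anomalies(baseline, lines, k=3.0, floor=5):
    """Return (host, minute, count, reason) for every deviation from the baseline."""
    findings = []
    for (host, minute), n in sorted(per_host_minute_counts(lines).items()):
        if host not in baseline:
            findings.append((host, minute, n, "no baseline for host"))
            continue
        mean, sd = baseline[host]
        # The floor stops a host with near-zero variance alerting on one extra request.
        threshold = mean + max(k * sd, floor)
        if n > threshold:
            findings.append((host, minute, n,
                             f"{n} req/min exceeds baseline mean {mean:.1f} by more than {threshold - mean:.1f}"))
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(BASELINE_LOG), CURRENT_LOG):
        print(finding)
```

The same host that looks benign to a signature-based sensor (every request is a well-formed GET /login) is flagged here purely because its rate departs from its own history; the cost is that the baseline must be rebuilt when legitimate traffic patterns change, or the sensor drowns in false positives.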
Which Intrusion Detection System has both host-based and network-based functions? Additionally, it analyzes data collected by Snort.
SCAP
Zeek
SolarWinds
OSSEC
Which Incident Response phase establishes roles and responsibilities for the incident response team and the underlying security policy that will guide the development of the incident response plan?
Preparation
Detection & Analysis
Response
Recovery & Follow Up
Which of the following protects against malware, access point violations, and potentially unwanted code and programs?
McAfee Endpoint Security
Norton Antivirus
Assured Compliance Assessment Solution
Microsoft Endpoint Configuration Manager
Under the ESS organizational tier structure, which tier consists of NOS/COS units? These units monitor and maintain the health and operations of the ESS suites. They also provide support for base communication units.
Tier 0
Tier 3
Tier 1
Tier 2