Master App Security: Threats and Countermeasures | Cybersecurity Fundamentals

Question 1

Which of the following involves malicious SQL statements being injected into an input field to exploit a database?

Accepted Answer

SQL injection

Answer

Cross-site scripting (XSS)

Answer

Buffer overflow

Answer

Denial of service (DoS)

Question 2

Which countermeasure can effectively prevent cross-site scripting (XSS) attacks?

Accepted Answer

Input validation and escaping

Answer

Anti-virus software

Answer

Strong firewalls

Answer

Regular software updates

Question 3

What type of buffer overflow results from excessive input exceeding the allocated memory buffer, leading to unpredictable system behavior?

Accepted Answer

Stack buffer overflow

Answer

Heap buffer overflow

Answer

Integer overflow

Answer

Format string overflow

Question 4

Which technique conceals or encrypts sensitive data to prevent unauthorized access?

Accepted Answer

Data encryption

Answer

Authentication and authorization

Answer

Firewall implementation

Answer

Secure coding practices

Question 5

What is the primary function of a firewall in cybersecurity?

Accepted Answer

Monitor and control network traffic

Answer

Detect and block malicious software

Answer

Encrypt data transmission

Answer

Prevent unauthorized system access

Question 6

Which type of malware can steal or encrypt sensitive data, disrupt system operations, and demand a ransom?

Accepted Answer

Ransomware

Answer

Virus

Answer

Trojan horse

Answer

Spyware

Question 7

What is the main purpose of penetration testing?

Accepted Answer

Identify vulnerabilities and weaknesses in a system

Answer

Monitor network traffic for suspicious activity

Answer

Prevent unauthorized system access

Answer

Recover data from a compromised system

Question 8

Which of the following is NOT a common application security threat?

Accepted Answer

Phishing

Answer

SQL injection

Answer

Buffer overflow

Answer

Cross-site scripting

Question 9

What is the purpose of SQL injection?

Accepted Answer

To execute malicious SQL queries on the database

Answer

To gain unauthorized access to user accounts

Answer

To steal sensitive information from the server

Answer

To disrupt the application's functionality

Question 10

Which of the following is NOT a common application security threat?

Accepted Answer

Denial-of-service (DoS) attacks

Answer

SQL injection

Answer

Cross-site scripting (XSS)

Answer

Buffer overflow

Question 11

Cross-site scripting (XSS) attacks typically exploit which of the following vulnerabilities?

Accepted Answer

Insufficient input validation

Answer

Unpatched software

Answer

Weak passwords

Answer

Lack of encryption

Question 12

Which of the following is a primary goal of buffer overflow attacks?

Accepted Answer

To corrupt data or cause a system crash

Answer

To gain unauthorized access to a system

Answer

To steal sensitive information

Answer

To disrupt network services

Question 13

What is the primary goal of input validation in application security?

Accepted Answer

To ensure user input meets expected criteria

Answer

To encrypt user data before storage

Answer

To detect and prevent XSS attacks

Answer

To block unauthorized access to the application

Question 14

Firewalls play a crucial role in application security. What is their primary function?

Accepted Answer

Filtering incoming and outgoing network traffic to block unauthorized access

Answer

Detecting and preventing intrusion attempts by malicious actors

Answer

Encrypting data transmissions to protect sensitive information

Answer

Preventing buffer overflow attacks by limiting the amount of data that can be stored in a specific memory location

Question 15

Regularly updating applications with security patches is essential for maintaining application security. What is the primary reason for this practice?

Accepted Answer

Fixing known vulnerabilities and preventing potential exploits

Answer

Improving the overall performance and efficiency of the application

Answer

Complying with industry regulations and standards

Answer

Meeting the expectations and demands of users

Question 16

The OWASP Top 10 list is a valuable resource in application security. What is its primary purpose?

Accepted Answer

Identifying the most prevalent web application vulnerabilities and providing guidance on how to address them

Answer

Providing a comprehensive list of all possible web application vulnerabilities

Answer

Tracking the frequency and severity of web application vulnerabilities over time

Answer

Raising awareness about the importance of web application security

Question 17

Web application firewalls (WAFs) play a significant role in protecting web applications. What is their primary function?

Accepted Answer

Blocking malicious traffic at the network level before it reaches the application

Answer

Detecting and preventing SQL injection attacks specifically

Answer

Providing comprehensive intrusion detection and prevention capabilities

Answer

Hardening the application itself against vulnerabilities

Question 18

Penetration testing is a valuable technique in assessing application security. What is its primary goal?

Accepted Answer

Identifying vulnerabilities and weaknesses in a system

Answer

Exploiting vulnerabilities to gain unauthorized access

Answer

Fixing vulnerabilities and implementing security measures

Answer

Preventing vulnerabilities from being exploited in the first place

Question 19

Which approach is most effective for mitigating application security threats?

Accepted Answer

A multi-layered approach combining various security controls.

Answer

Reliance on penetration testing as the sole vulnerability detection method.

Answer

Ignoring application security until an attack occurs.

Answer

Implementing a single security measure like a web application firewall (WAF).

Question 20

A buffer overflow vulnerability occurs when:

Accepted Answer

An application attempts to store more data in a memory buffer than its allocated size.

Answer

An attacker guesses a weak password.

Answer

A user enters invalid data into a form field.

Question 21

Which technique is recommended to prevent SQL Injection attacks?

Accepted Answer

Using parameterized queries or prepared statements.

Answer

Implementing strong user authentication.

Answer

Disabling error messages on the production server.

Question 22

What best exemplifies a Cross-Site Scripting (XSS) attack?

Accepted Answer

Injecting a script tag into a comment section to steal user cookies.

Answer

Gaining unauthorized access to a database by exploiting a SQL injection vulnerability.

Answer

Flooding a server with requests to make it unavailable.

Question 23

Which practice is NOT recommended for secure application development?

Accepted Answer

Storing sensitive data in plain text.

Answer

Utilizing a secure development lifecycle (SDLC).

Answer

Conducting regular security testing.

Answer

Implementing appropriate access controls.

Question 24

What is the primary purpose of input validation in application security?

Accepted Answer

To ensure data entered into an application conforms to expected formats and ranges.

Answer

To detect and block malicious traffic.

Answer

To prevent unauthorized access to sensitive information.

Question 25

What is a web application firewall (WAF)?

Accepted Answer

A security appliance that filters traffic to and from web applications.

Answer

A type of antivirus software designed to protect web servers.

Answer

A secure coding standard for web applications.

Question 26

Which type of security testing simulates real-world attacks on an application?

Accepted Answer

Penetration testing

Answer

Regression testing

Answer

Integration testing

Answer

Unit testing