q9
simplest:
%.nx
n=number
number=written value
%n=takes number of printed chars, writes that int into memory
E
8+8+8+8=32
32+24=56
%.8x=prints 8chars

q10
C, generated errors, can disclose program functionality info

q11
E
find code vulnerabilities
unforeseen computation state
false results attacker exploits
security flaw, source code unavailable

q12
A
SAST-analyse code, not running
Fuzzing-send random data, run, check crash

q13
B
apply security, all SDL phases

q14
D
CSRF - Cross-site request forgery
trick authenticated users, execute unwanted actions, web app they are authenticated to

q15
C)
include anti-csrf tokens in forms, verify request authenticity

q16
A)
follow industry best practices, design principles

q17
B)
attacker can craft certain input to steal information, but cannot inject data to memory

q18
A,B,C
exploit vulnerability, actively test security controls, bypass security controls

q19
A)
penetration testing:
simulate attack, evaluate, malicious activity resistance

q20
B)
True:
risk-based testing, identify security issues, design level
False:
correct software, security bugs, no run
search-based tools, static code analysers, no analyse relationships
no fault negative test, no faults

q21
C)
inject SQL (structured query language) code, web forms/input fields, manipulate database

q22
D)
threat modelling in SDLC:
proactively, address security concerns

q23
B)
XSS attack:
steal sensitive info