240. Which of the following examples would be best mitigated by input sanitization?

A. <script>alert(“Warning!”);</script>

247. A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

B. Enabling malware detection through a UTM

325. A company web server is initiating outbound traffic to a low-reputation, public IP on non-standard pat. The web server is used to present an unauthenticated page to clients who upload images the company. An analyst notices a suspicious process running on the server hat was not created by the company development team. Which of the following is the most likely explanation for his security incident?

A. A web shell has been deployed to the server through the page.

366. Which of the following topics would most likely be included within an organization's SDLC?

D . Branch protection requirements

385. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acme time keeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

B . A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

420. A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data: Which of the following should the analyst do next?

B. Review WAF logs for evidence of command injection.

503. An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.)

A. Regularly updating server software and patches D. Utilizing a web-application firewall

534. Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)

C. Improved scalability of the system D. Increased compartmentalization of the system

550. While investigating a possible incident, a security analyst discovers the following: Which of the following should the analyst do first?

D. Check the users table for new accounts.

652. Which of the following is an example of a treatment strategy for a continuous risk?

D. Branch protection as part of the CI/CD pipeline

SYO 701 WEB APPLICATION SECURITY Module FC

Flashcard

•

Computers

•

University

•

Practice Problem

•

Hard

Oak Academy

FREE Resource

Student preview

51 questions

Show all answers

FLASHCARD QUESTION

Front

3. Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Back

D. Side loading

FLASHCARD QUESTION

Front

7. Which of the following involves an attempt to take advantage of database misconfigurations?

Back

B. SQL injection

FLASHCARD QUESTION

Front

20. Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two).

Back

D. Included third-party libraries

E. Vendors/supply chain

FLASHCARD QUESTION

Front

58. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Back

C. Input validation

FLASHCARD QUESTION

Front

78. A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Back

B. Availability

FLASHCARD QUESTION

Front

123. A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Back

D. Enabling full packet capture for traffic entering and exiting the servers

FLASHCARD QUESTION

Front

130. Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Back

D. Peer review and approval

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

By signing up, you agree to our Terms of Service & Privacy Policy

Already have an account?

Similar Resources on Wayground

50 questions

Tiền tệ Chương 1

Flashcard

•

50 questions

العربية للمبتدئين

Flashcard

•

University

41 questions

Operating System Concepts

Flashcard

•

12th Grade

44 questions

Leap 2 Chapter 8 Vocabulary

Flashcard

•

12th Grade

44 questions

Media B1 Flashcards adaptive 40Q

Flashcard

•

12th Grade

52 questions

Biología Celular y Procesos Metabólicos

Flashcard

•

12th Grade

50 questions

Ethics Miterms

Flashcard

•

University

Popular Resources on Wayground

10 questions

Honoring the Significance of Veterans Day

Interactive video

•

6th - 10th Grade

9 questions

FOREST Community of Caring

Lesson

•

1st - 5th Grade

10 questions

Exploring Veterans Day: Facts and Celebrations for Kids

Interactive video

•

6th - 10th Grade

19 questions

Veterans Day

Quiz

•

5th Grade

14 questions

General Technology Use Quiz

Quiz

•

8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

Circuits, Light Energy, and Forces

Quiz

•

5th Grade

19 questions

Thanksgiving Trivia

Quiz

•

6th Grade

Discover more resources for Computers

20 questions

Definite and Indefinite Articles in Spanish (Avancemos)

Quiz

•

8th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

9 questions

Principles of the United States Constitution

Interactive video

•

University

18 questions

Realidades 2 2A reflexivos

Quiz

•

7th Grade - University

10 questions

Dichotomous Key

Quiz

•

KG - University

25 questions

Integer Operations

Quiz

•

KG - University

7 questions

What Is Narrative Writing?

Interactive video

•

4th Grade - University

20 questions

SER vs ESTAR

Quiz

•

7th Grade - University