240. Which of the following examples would be best mitigated by input sanitization?

A. <script>alert(“Warning!”);</script>

247. A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

B. Enabling malware detection through a UTM

325. A company web server is initiating outbound traffic to a low-reputation, public IP on non-standard pat. The web server is used to present an unauthenticated page to clients who upload images the company. An analyst notices a suspicious process running on the server hat was not created by the company development team. Which of the following is the most likely explanation for his security incident?

A. A web shell has been deployed to the server through the page.

366. Which of the following topics would most likely be included within an organization's SDLC?

D . Branch protection requirements

385. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acme time keeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

B . A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

420. A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data: Which of the following should the analyst do next?

B. Review WAF logs for evidence of command injection.

503. An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.)

A. Regularly updating server software and patches D. Utilizing a web-application firewall

534. Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)

C. Improved scalability of the system D. Increased compartmentalization of the system

550. While investigating a possible incident, a security analyst discovers the following: Which of the following should the analyst do first?

D. Check the users table for new accounts.

652. Which of the following is an example of a treatment strategy for a continuous risk?

D. Branch protection as part of the CI/CD pipeline

SYO 701 WEB APPLICATION SECURITY Module FC

Flashcard

•

Computers

•

University

•

Practice Problem

•

Hard

Oak Academy

FREE Resource

Student preview

51 questions

Show all answers

FLASHCARD QUESTION

Front

3. Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Back

D. Side loading

FLASHCARD QUESTION

Front

7. Which of the following involves an attempt to take advantage of database misconfigurations?

Back

B. SQL injection

FLASHCARD QUESTION

Front

20. Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two).

Back

D. Included third-party libraries

E. Vendors/supply chain

FLASHCARD QUESTION

Front

58. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Back

C. Input validation

FLASHCARD QUESTION

Front

78. A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Back

B. Availability

FLASHCARD QUESTION

Front

123. A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Back

D. Enabling full packet capture for traffic entering and exiting the servers

FLASHCARD QUESTION

Front

130. Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Back

D. Peer review and approval

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

48 questions

Etapas del desarrollo cognitivo de Piaget

Flashcard

•

University

50 questions

Network Security Flashcard

Flashcard

•

University

50 questions

English-Hebrew Flashcards

Flashcard

•

12th Grade

52 questions

Unit 7: Organizational Structure and Change

Flashcard

•

University

37 questions

Grade 11 CAT

Flashcard

•

11th Grade

35 questions

Motion in Two Dimensions

Flashcard

•

12th Grade

47 questions

English-Kazakh Flashcards

Flashcard

•

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

30 questions

Quiz 1 Review

Quiz

•

University