Application Security

Estimated time: 20-25 minutes

Question 1 of 20

A security team discovers that attackers can force their web application to use outdated SSL 3.0 encryption by intercepting and modifying handshake requests, potentially exposing sensitive data. Which mitigation strategy should they implement to prevent this downgrade attack?

Question 2 of 20

An organization's directory services are currently transmitting authentication credentials in cleartext, exposing sensitive operations to network eavesdropping. Which secure protocol configuration should they implement to encrypt directory access?

Question 3 of 20

A network administrator discovers that their monitoring tools are using community strings "public" and "private" to query device statistics, sending this data across the network without encryption or authentication. Which protocol version should they migrate to?

Question 4 of 20

A healthcare organization needs to transfer large patient database files via a secure channel. Which solution should they implement to ensure both authentication credentials and file contents remain confidential during transmission?

Question 5 of 20

A company's email server is currently accepting messages without requiring encryption, allowing credentials and message content to be intercepted. Which configuration should they implement as a solution?

Question 6 of 20

A large hospital uses email for communication. For security reasons, however, it wants to ensure that sensitive information such as Excel spreadsheets cannot leave the hospital's network and be exposed to the public. What security function would accomplish this need?

Question 7 of 20

An organization is experiencing widespread phishing attacks where attackers are spoofing their domain to send malicious emails that appear to originate from legitimate company addresses. Which email authentication framework should they implement to specify handling policies for messages that fail sender verification and enable reporting of authentication failures?

Question 8 of 20

A large company uses Bluetooth technology for short-range personal area networking. The organization has a security concern with bluesnarfing. What is the attacker doing to the organization?

Question 9 of 20

An attacker has poisoned a DNS cache, redirecting users to a malicious site when they attempt to access the company's legitimate banking portal. Which security component would prevent this kind of attack?

Question 10 of 20

A development team is releasing a new software update but users are receiving warnings that the publisher cannot be verified and the code may have been tampered with since distribution. Which security practice should they implement to verify software integrity?

Question 11 of 20

A company wants to identify security flaws in their web application before deployment by analyzing the source code for hardcoded credentials and vulnerabilities, without running the program. Which testing methodology should they implement?

Question 12 of 20

During a penetration test, an attacker bypasses client-side JavaScript validation that restricts special characters in a form field and submits malicious SQL commands directly to the server. Which security control should be implemented to prevent this attack?

Question 13 of 20

An application is displaying detailed database error messages, including table names and column structures, to the public. This helps an attacker map the database schema for further attacks. Which secure coding practice should be implemented to prevent this information leakage?

Question 14 of 20

A development team is manually reviewing a critical codebase before merging it into the main application. They discover a logic flaw that could allow unauthorized access to administrative functions. Which secure development practice enabled this discovery?

Question 15 of 20

Which of the following statements is generally true of protocol security?

Question 16 of 20

A penetration tester wishes to target a local DNS cache file on a Linux system, aiming to use their administrative privileges to edit the file and poison the DNS cache, redirecting users to a fake website. Which file would the penetration tester target?

Question 17 of 20

An organization needs to test its production web application for vulnerabilities by simulating attacks against the running application in real time. Which security testing methodology should they employ to identify runtime vulnerabilities?

Question 18 of 20

An organization is told by its customers that many of the organization's emails end up in the "Spam" or "Junk" folders. What should the company's analysts check first?

Question 19 of 20

An email gateway administrator notices a surge in messages claiming to be from the company's domain but originating from unauthorized IP addresses. Which DNS record type should they verify is properly configured to specify authorized mail servers for their domain?

Question 20 of 20

A developer wishes to isolate a Linux process in a sandbox-like environment, ensuring that it is confined from the rest of the system to enhance security. Which command would be used?