240. Which of the following examples would be best mitigated by input sanitization?

A. <script>alert(“Warning!”);</script>

247. A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

B. Enabling malware detection through a UTM

325. A company web server is initiating outbound traffic to a low-reputation, public IP on non-standard pat. The web server is used to present an unauthenticated page to clients who upload images the company. An analyst notices a suspicious process running on the server hat was not created by the company development team. Which of the following is the most likely explanation for his security incident?

A. A web shell has been deployed to the server through the page.

366. Which of the following topics would most likely be included within an organization's SDLC?

D . Branch protection requirements

385. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acme time keeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

B . A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

420. A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data: Which of the following should the analyst do next?

B. Review WAF logs for evidence of command injection.

503. An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.)

A. Regularly updating server software and patches D. Utilizing a web-application firewall

534. Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)

C. Improved scalability of the system D. Increased compartmentalization of the system

550. While investigating a possible incident, a security analyst discovers the following: Which of the following should the analyst do first?

D. Check the users table for new accounts.

652. Which of the following is an example of a treatment strategy for a continuous risk?

D. Branch protection as part of the CI/CD pipeline

SYO 701 WEB APPLICATION SECURITY Module FC

Flashcard

•

Computers

•

University

•

Practice Problem

•

Hard

Oak Academy

FREE Resource

Student preview

51 questions

Show all answers

FLASHCARD QUESTION

Front

3. Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

Back

D. Side loading

FLASHCARD QUESTION

Front

7. Which of the following involves an attempt to take advantage of database misconfigurations?

Back

B. SQL injection

FLASHCARD QUESTION

Front

20. Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two).

Back

D. Included third-party libraries

E. Vendors/supply chain

FLASHCARD QUESTION

Front

58. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Back

C. Input validation

FLASHCARD QUESTION

Front

78. A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Back

B. Availability

FLASHCARD QUESTION

Front

123. A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Back

D. Enabling full packet capture for traffic entering and exiting the servers

FLASHCARD QUESTION

Front

130. Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Back

D. Peer review and approval

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

sfgjnfjdfgtlereviewerfndfjksdgns

Flashcard

•

46 questions

TOPIK Từ vựng

Flashcard

•

Professional Development

45 questions

Derecho y Personalidad

Flashcard

•

12th Grade

45 questions

Anatomía_ Músculos_ Huesos_ Cabeza

Flashcard

•

University

50 questions

ARQUITECTURA GRIEGA

Flashcard

•

12th Grade

49 questions

Final Epidemio

Flashcard

•

University

50 questions

Audit of Insurance company

Flashcard

•

University

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Computers

20 questions

Disney Trivia

Quiz

•

University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

10 questions

DNA Structure and Replication: Crash Course Biology

Interactive video

•

11th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

14 questions

Ch.3_TEACHER-led

Quiz

•

University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University