
CompTIA PenTest+ 2023 Questions and Answers - Part 6

Mary Mary Smith
03 Mar 2023

1. A process of testing an application or software product in an operating state is called _______________.

A) SAST (Static Application Security Testing)
B) DAST (Dynamic Application Security Testing)
C) Fuzzing
D) Directory Traversal
2. Which of the following is a Mobile Security Framework that can perform web API testing and dynamic static analysis?

A) Network Spoofing
B) Metasploit framework
C) APKX Framework
D) Drozer
3. Multiple vulnerabilities are identified during a penetration test. Select the finding that would be most likely to merit an escalation contact, outside of standard meetings with the organization-provided point of contact.

A) A remote code execution vulnerability that is identified and for which exploit code is publicly available in a web app exposed to the internet
B) A web app with XSS used in the company intranet
C) A malicious link in an e-mail that was clicked and sent as part of a phishing campaign
D) A directory traversal flaw existing in a company web application that allows unauthorized users to view the contents of directories outside the scope of the web app on the server
4. A wide variety of security testing and administration tasks are handled by using which one of the following utilities?

A) NETCAT
B) NCAT
C) Proxy Chains
D) SAST
5. An attack that can be done by shoulder surfing, social engineering, and dumpster diving is called ___________________.

A) Non-Electronic Attacks
B) Active Online Attacks
C) Passive Online Attacks
D) Man-in-the-Middle Attack
1. Right Answer: B
Explanation: Dynamic Application Security Testing (DAST) is a process of testing an application or software product in an operating state.

2. Right Answer: C
Explanation: An automated mobile app security testing tool for Android and iOS apps is a Mobile Security Framework that can perform web API testing, dynamic, and static analysis.

3. Right Answer: A
Explanation: Immediate contact is most appropriate for a vulnerability that is leveraged to obtain code execution on a target system. It is not common for rules of engagement documents to explicitly require such contact.

4. Right Answer: B
Explanation: Ncat is a network-connected back end for other tools or suitable for interactive use. It handles a wide variety of security testing and administration tasks.

5. Right Answer: B
Explanation: Non-electronic attacks, also called non-technical attacks, are attacks that do not require any technical understanding or knowledge. This is the type of attack that can be carried out by shoulder surfing, social engineering, and dumpster diving.
