Lesson 14 CySA+ CSO-003 (CertMaster)
Exam Questions and Answers with Verified
Solutions | Latest Updated 2026
What does SSDLC stand for? Secure Software Development Life Cycle
What is the purpose of the It is a comprehensive guide for testing the
OWASP security
Testing Guide? of web applications.
What is an On-Path Attack also Man-in-the-middle attack
known as?
How can On-Path Attacks be Using encrypted communications.
defended against?
What is Password Spraying? An attack where predetermined passwords
are
used for multiple user accounts.
What is Credential Stuffing? Using stolen credentials from one source
against
multiple other sources.
What are some effective measures Strong passwords, account lockouts, and
against authentication attacks? multifactor authentication.
, What is Broken Authentication? An app that fails to restrict access to
protected
resources.
What are some causes of Broken No strong password requirements,
Authentication? vulnerable
password reset mechanisms, hard-coded
credentials, and session hijacking.
What is Input Validation? Checking data entered before processing,
which
must occur as a server-side control.
What is Output Encoding? A defensive technique that assumes input
validation
may have failed.
What are Parameterized Queries To defend against code injection attacks
used for? and
insecure object references.
What is a Buffer Overflow? A software vulnerability where a program
writes
more data to a buffer than it can hold.
What is an SQL Injection? An attack that adds code to an input within
a web
app to execute the attacker's queries
against the
database.
Exam Questions and Answers with Verified
Solutions | Latest Updated 2026
What does SSDLC stand for? Secure Software Development Life Cycle
What is the purpose of the It is a comprehensive guide for testing the
OWASP security
Testing Guide? of web applications.
What is an On-Path Attack also Man-in-the-middle attack
known as?
How can On-Path Attacks be Using encrypted communications.
defended against?
What is Password Spraying? An attack where predetermined passwords
are
used for multiple user accounts.
What is Credential Stuffing? Using stolen credentials from one source
against
multiple other sources.
What are some effective measures Strong passwords, account lockouts, and
against authentication attacks? multifactor authentication.
, What is Broken Authentication? An app that fails to restrict access to
protected
resources.
What are some causes of Broken No strong password requirements,
Authentication? vulnerable
password reset mechanisms, hard-coded
credentials, and session hijacking.
What is Input Validation? Checking data entered before processing,
which
must occur as a server-side control.
What is Output Encoding? A defensive technique that assumes input
validation
may have failed.
What are Parameterized Queries To defend against code injection attacks
used for? and
insecure object references.
What is a Buffer Overflow? A software vulnerability where a program
writes
more data to a buffer than it can hold.
What is an SQL Injection? An attack that adds code to an input within
a web
app to execute the attacker's queries
against the
database.