Copiar y Editar

Quiz  10

Descripción

1 CSI270 Test sobre Quiz  10, creado por Joshua Villy el 09/05/2013.
Joshua Villy
Test por Joshua Villy, actualizado hace más de 1 año
Joshua Villy
Creado por Joshua Villy hace más de 11 años
711
0
0

Resumen del Recurso

Pregunta 1

Pregunta
One reason why an organization would consider a distributed application is:
Respuesta
  • Some components are easier to operate
  • Distributed applications have a simpler architecture than other types of applications
  • Some application components are owned and operated by other organizations
  • Distributed applications are easier to secure

Pregunta 2

Pregunta
All of the following are advantages of using self-signed SSL certificates EXCEPT:
Respuesta
  • Server authentication
  • Lower cost
  • Easier to create
  • More difficult to crack

Pregunta 3

Pregunta
The best defense against a NOP sled attack is:
Respuesta
  • Firewall
  • Anti-virus
  • The strcpy() function
  • Input boundary checking

Pregunta 4

Pregunta
The instructions contained with an object are known as its: A)
Respuesta
  • Class
  • Firmware
  • Code
  • Method

Pregunta 5

Pregunta
The purpose for putting a “canary” value in the stack is:
Respuesta
  • To detect a dictionary attack
  • To detect a stack smashing attack
  • To detect parameter tampering
  • To detect script injection

Pregunta 6

Pregunta
“Safe languages” and “safe libraries” are so-called because:
Respuesta
  • They automatically detect some forms of input attacks
  • They automatically detect parameter tampering
  • They automatically detect script injection
  • They automatically detect malware attacks

Pregunta 7

Pregunta
The following are characteristics of a computer virus EXCEPT:
Respuesta
  • Polymorphic
  • Downloadable
  • Self propagating
  • Embedded in spam

Pregunta 8

Pregunta
Rootkits can be difficult to detect because:
Respuesta
  • They are encrypted
  • They are polymorphic
  • They reside in ROM instead of the hard drive
  • They use techniques to hide themselves

Pregunta 9

Pregunta
An attack on a DNS server to implant forged “A” records is characteristic of a:
Respuesta
  • Pharming attack
  • Phishing attack
  • Whaling attack
  • Spim attack

Pregunta 10

Pregunta
The purpose of digitally signing a Browser Helper Object (BHO) is:
Respuesta
  • To prove its origin
  • To prove hhat it is not malicious
  • To prove that it can be trusted
  • To prove that it was downloaded properly

Pregunta 11

Pregunta
An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:
Respuesta
  • Intrusion detection system
  • Firewall
  • Application firewall
  • SSL certificate

Pregunta 12

Pregunta
A defense in depth strategy for anti-malware is recommended because:
Respuesta
  • There are many malware attack vectors
  • Anti-virus software is often troublesome on end user workstations
  • Malware can hide in SSL transmissions
  • Users can defeat anti-malware on their workstations

Pregunta 13

Pregunta
The primary advantage of the use of workstation-based anti-virus is:
Respuesta
  • Virus signature updates can be performed less often
  • Virus signature updates can be performed more often
  • The user can control its configuration
  • This approach can defend against most, if not all, attack vectors

Pregunta 14

Pregunta
The primary purpose of a firewall is:
Respuesta
  • To protect a server from malicious traffic
  • To block malicious code
  • To control traffic between networks
  • To create a DMZ network

Pregunta 15

Pregunta
The following are valid reasons to reduce the level of privilege for workstation users EXCEPT:
Respuesta
  • Decreased support costs because users are unable to change system configurations
  • Eliminates the need for whole disk encryption
  • Decreased impact from malware
  • Increased security because users are unable to tamper with security controls

Pregunta 16

Pregunta
A system administrator needs to harden a server. The most effective approach is:
Respuesta
  • Install security patches and install a firewall
  • Remove unneeded services, remove unneeded accounts, and configure a firewall
  • Remove unneeded services, disable unused ports, and remove unneeded accounts
  • Install security patches and remove unneeded services

Pregunta 17

Pregunta
The most effective countermeasures against input attacks are:
Respuesta
  • Input field filtering, application firewall, application vulnerability scanning, and developer training
  • Input field filtering, application firewall, and intrusion prevention system
  • Input field filtering, application firewall, intrusion detection system, and ethical hacking
  • Application firewall, intrusion detection system, and developer training

Pregunta 18

Pregunta
The term “object reuse” refers to:
Respuesta
  • A method used by malware to exploit weaknesses in running processes
  • The use of residual computing resources for other purposes
  • The ability to reuse application code
  • Processes that can discover and use residual data associated with other processes

Pregunta 19

Pregunta
A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are:
Respuesta
  • Application firewalls
  • Source code control
  • Outside code reviews
  • Peer code reviews

Pregunta 20

Pregunta
The best time to introduce security into an application is:
Respuesta
  • Implementation
  • Design
  • Development
  • Testing

Pregunta 21

Pregunta
A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as:
Respuesta
  • Cross site request forgery
  • Cross-site scripting
  • Broken authentication
  • Replay attack

Pregunta 22

Pregunta
What is the most effective countermeasure against script injection attacks?
Respuesta
  • Stateful inspection firewall
  • Disallow server side scripting in the end user’s browser configuration
  • Filter scripting characters in all input fields
  • Disallow client side scripting in the end user’s browser configuration

Pregunta 23

Pregunta
A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take?
Respuesta
  • Implement column-based access controls
  • Export the table to a data warehouse, including only the fields that the users are permitted to see
  • Clone the table, including only the fields that the users are permitted to see
  • Create a view that contains only the fields that the users are permitted to see

Pregunta 24

Pregunta
The purpose of Data Control Language is:
Respuesta
  • Define which users are able to view and manipulate data in a database
  • Define data structures in a relational database
  • Define data structures in an object-oriented database
  • Retrieve, insert, delete and update data in a relational database

Pregunta 25

Pregunta
A list of all of the significant events that occur in an application is known as:
Respuesta
  • Audit log
  • Replay log
  • Export file
  • Data dump
Mostrar resumen completo Ocultar resumen completo

¿Quieres crear tus propios Tests gratis con GoConqr? Más información.

Similar

Quiz 11
Joshua Villy
Quiz 7
Joshua Villy
Quiz 8
Joshua Villy
Provincias de España
Diego Santos
Reported Speech
María Escobar
Fichas de Grandes Filósofos
maya velasquez
Tablas (1) del 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 y 10
Miguel Greciano
CONTRATACION E INDUCCION DE PERSONAL
lauraga04
Modal verbs Flashcards
Victoria Elena Fernández Pareja
Mapa Mental del Modelo OSI
Berenice Ríos
USO DE LA FUERZA Y ARMAS NO LETALES EN LA POLICÍA NACIONAL
ALVARO ENRIQUE MORENO MORENO
Explorar la Librería