Joshua Villy
Test por , creado hace más de 1 año

1 CSI270 Test sobre Quiz  10, creado por Joshua Villy el 09/05/2013.

711
0
0
Joshua Villy
Creado por Joshua Villy hace más de 11 años
Cerrar

Quiz  10

Pregunta 1 de 25

1

One reason why an organization would consider a distributed application is:

Selecciona una de las siguientes respuestas posibles:

  • Some components are easier to operate

  • Distributed applications have a simpler architecture than other types of applications

  • Some application components are owned and operated by other organizations

  • Distributed applications are easier to secure

Explicación

Pregunta 2 de 25

1

All of the following are advantages of using self-signed SSL certificates EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Server authentication

  • Lower cost

  • Easier to create

  • More difficult to crack

Explicación

Pregunta 3 de 25

1

The best defense against a NOP sled attack is:

Selecciona una de las siguientes respuestas posibles:

  • Firewall

  • Anti-virus

  • The strcpy() function

  • Input boundary checking

Explicación

Pregunta 4 de 25

1

The instructions contained with an object are known as its:
A)

Selecciona una de las siguientes respuestas posibles:

  • Class

  • Firmware

  • Code

  • Method

Explicación

Pregunta 5 de 25

1

The purpose for putting a “canary” value in the stack is:

Selecciona una de las siguientes respuestas posibles:

  • To detect a dictionary attack

  • To detect a stack smashing attack

  • To detect parameter tampering

  • To detect script injection

Explicación

Pregunta 6 de 25

1

“Safe languages” and “safe libraries” are so-called because:

Selecciona una de las siguientes respuestas posibles:

  • They automatically detect some forms of input attacks

  • They automatically detect parameter tampering

  • They automatically detect script injection

  • They automatically detect malware attacks

Explicación

Pregunta 7 de 25

1

The following are characteristics of a computer virus EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Polymorphic

  • Downloadable

  • Self propagating

  • Embedded in spam

Explicación

Pregunta 8 de 25

1

Rootkits can be difficult to detect because:

Selecciona una de las siguientes respuestas posibles:

  • They are encrypted

  • They are polymorphic

  • They reside in ROM instead of the hard drive

  • They use techniques to hide themselves

Explicación

Pregunta 9 de 25

1

An attack on a DNS server to implant forged “A” records is characteristic of a:

Selecciona una de las siguientes respuestas posibles:

  • Pharming attack

  • Phishing attack

  • Whaling attack

  • Spim attack

Explicación

Pregunta 10 de 25

1

The purpose of digitally signing a Browser Helper Object (BHO) is:

Selecciona una de las siguientes respuestas posibles:

  • To prove its origin

  • To prove hhat it is not malicious

  • To prove that it can be trusted

  • To prove that it was downloaded properly

Explicación

Pregunta 11 de 25

1

An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:

Selecciona una de las siguientes respuestas posibles:

  • Intrusion detection system

  • Firewall

  • Application firewall

  • SSL certificate

Explicación

Pregunta 12 de 25

1

A defense in depth strategy for anti-malware is recommended because:

Selecciona una de las siguientes respuestas posibles:

  • There are many malware attack vectors

  • Anti-virus software is often troublesome on end user workstations

  • Malware can hide in SSL transmissions

  • Users can defeat anti-malware on their workstations

Explicación

Pregunta 13 de 25

1

The primary advantage of the use of workstation-based anti-virus is:

Selecciona una de las siguientes respuestas posibles:

  • Virus signature updates can be performed less often

  • Virus signature updates can be performed more often

  • The user can control its configuration

  • This approach can defend against most, if not all, attack vectors

Explicación

Pregunta 14 de 25

1

The primary purpose of a firewall is:

Selecciona una de las siguientes respuestas posibles:

  • To protect a server from malicious traffic

  • To block malicious code

  • To control traffic between networks

  • To create a DMZ network

Explicación

Pregunta 15 de 25

1

The following are valid reasons to reduce the level of privilege for workstation users EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Decreased support costs because users are unable to change system configurations

  • Eliminates the need for whole disk encryption

  • Decreased impact from malware

  • Increased security because users are unable to tamper with security controls

Explicación

Pregunta 16 de 25

1

A system administrator needs to harden a server. The most effective approach is:

Selecciona una de las siguientes respuestas posibles:

  • Install security patches and install a firewall

  • Remove unneeded services, remove unneeded accounts, and configure a firewall

  • Remove unneeded services, disable unused ports, and remove unneeded accounts

  • Install security patches and remove unneeded services

Explicación

Pregunta 17 de 25

1

The most effective countermeasures against input attacks are:

Selecciona una de las siguientes respuestas posibles:

  • Input field filtering, application firewall, application vulnerability scanning, and developer training

  • Input field filtering, application firewall, and intrusion prevention system

  • Input field filtering, application firewall, intrusion detection system, and ethical hacking

  • Application firewall, intrusion detection system, and developer training

Explicación

Pregunta 18 de 25

1

The term “object reuse” refers to:

Selecciona una de las siguientes respuestas posibles:

  • A method used by malware to exploit weaknesses in running processes

  • The use of residual computing resources for other purposes

  • The ability to reuse application code

  • Processes that can discover and use residual data associated with other processes

Explicación

Pregunta 19 de 25

1

A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are:

Selecciona una de las siguientes respuestas posibles:

  • Application firewalls

  • Source code control

  • Outside code reviews

  • Peer code reviews

Explicación

Pregunta 20 de 25

1

The best time to introduce security into an application is:

Selecciona una de las siguientes respuestas posibles:

  • Implementation

  • Design

  • Development

  • Testing

Explicación

Pregunta 21 de 25

1

A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as:

Selecciona una de las siguientes respuestas posibles:

  • Cross site request forgery

  • Cross-site scripting

  • Broken authentication

  • Replay attack

Explicación

Pregunta 22 de 25

1

What is the most effective countermeasure against script injection attacks?

Selecciona una de las siguientes respuestas posibles:

  • Stateful inspection firewall

  • Disallow server side scripting in the end user’s browser configuration

  • Filter scripting characters in all input fields

  • Disallow client side scripting in the end user’s browser configuration

Explicación

Pregunta 23 de 25

1

A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take?

Selecciona una de las siguientes respuestas posibles:

  • Implement column-based access controls

  • Export the table to a data warehouse, including only the fields that the users are permitted to see

  • Clone the table, including only the fields that the users are permitted to see

  • Create a view that contains only the fields that the users are permitted to see

Explicación

Pregunta 24 de 25

1

The purpose of Data Control Language is:

Selecciona una de las siguientes respuestas posibles:

  • Define which users are able to view and manipulate data in a database

  • Define data structures in a relational database

  • Define data structures in an object-oriented database

  • Retrieve, insert, delete and update data in a relational database

Explicación

Pregunta 25 de 25

1

A list of all of the significant events that occur in an application is known as:

Selecciona una de las siguientes respuestas posibles:

  • Audit log

  • Replay log

  • Export file

  • Data dump

Explicación