Joshua Villy
Quiz por , criado more than 1 year ago

1 CSI270 Quiz sobre Quiz  10, criado por Joshua Villy em 09-05-2013.

710
0
0
Joshua Villy
Criado por Joshua Villy mais de 11 anos atrás
Fechar

Quiz  10

Questão 1 de 25

1

One reason why an organization would consider a distributed application is:

Selecione uma das seguintes:

  • Some components are easier to operate

  • Distributed applications have a simpler architecture than other types of applications

  • Some application components are owned and operated by other organizations

  • Distributed applications are easier to secure

Explicação

Questão 2 de 25

1

All of the following are advantages of using self-signed SSL certificates EXCEPT:

Selecione uma das seguintes:

  • Server authentication

  • Lower cost

  • Easier to create

  • More difficult to crack

Explicação

Questão 3 de 25

1

The best defense against a NOP sled attack is:

Selecione uma das seguintes:

  • Firewall

  • Anti-virus

  • The strcpy() function

  • Input boundary checking

Explicação

Questão 4 de 25

1

The instructions contained with an object are known as its:
A)

Selecione uma das seguintes:

  • Class

  • Firmware

  • Code

  • Method

Explicação

Questão 5 de 25

1

The purpose for putting a “canary” value in the stack is:

Selecione uma das seguintes:

  • To detect a dictionary attack

  • To detect a stack smashing attack

  • To detect parameter tampering

  • To detect script injection

Explicação

Questão 6 de 25

1

“Safe languages” and “safe libraries” are so-called because:

Selecione uma das seguintes:

  • They automatically detect some forms of input attacks

  • They automatically detect parameter tampering

  • They automatically detect script injection

  • They automatically detect malware attacks

Explicação

Questão 7 de 25

1

The following are characteristics of a computer virus EXCEPT:

Selecione uma das seguintes:

  • Polymorphic

  • Downloadable

  • Self propagating

  • Embedded in spam

Explicação

Questão 8 de 25

1

Rootkits can be difficult to detect because:

Selecione uma das seguintes:

  • They are encrypted

  • They are polymorphic

  • They reside in ROM instead of the hard drive

  • They use techniques to hide themselves

Explicação

Questão 9 de 25

1

An attack on a DNS server to implant forged “A” records is characteristic of a:

Selecione uma das seguintes:

  • Pharming attack

  • Phishing attack

  • Whaling attack

  • Spim attack

Explicação

Questão 10 de 25

1

The purpose of digitally signing a Browser Helper Object (BHO) is:

Selecione uma das seguintes:

  • To prove its origin

  • To prove hhat it is not malicious

  • To prove that it can be trusted

  • To prove that it was downloaded properly

Explicação

Questão 11 de 25

1

An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:

Selecione uma das seguintes:

  • Intrusion detection system

  • Firewall

  • Application firewall

  • SSL certificate

Explicação

Questão 12 de 25

1

A defense in depth strategy for anti-malware is recommended because:

Selecione uma das seguintes:

  • There are many malware attack vectors

  • Anti-virus software is often troublesome on end user workstations

  • Malware can hide in SSL transmissions

  • Users can defeat anti-malware on their workstations

Explicação

Questão 13 de 25

1

The primary advantage of the use of workstation-based anti-virus is:

Selecione uma das seguintes:

  • Virus signature updates can be performed less often

  • Virus signature updates can be performed more often

  • The user can control its configuration

  • This approach can defend against most, if not all, attack vectors

Explicação

Questão 14 de 25

1

The primary purpose of a firewall is:

Selecione uma das seguintes:

  • To protect a server from malicious traffic

  • To block malicious code

  • To control traffic between networks

  • To create a DMZ network

Explicação

Questão 15 de 25

1

The following are valid reasons to reduce the level of privilege for workstation users EXCEPT:

Selecione uma das seguintes:

  • Decreased support costs because users are unable to change system configurations

  • Eliminates the need for whole disk encryption

  • Decreased impact from malware

  • Increased security because users are unable to tamper with security controls

Explicação

Questão 16 de 25

1

A system administrator needs to harden a server. The most effective approach is:

Selecione uma das seguintes:

  • Install security patches and install a firewall

  • Remove unneeded services, remove unneeded accounts, and configure a firewall

  • Remove unneeded services, disable unused ports, and remove unneeded accounts

  • Install security patches and remove unneeded services

Explicação

Questão 17 de 25

1

The most effective countermeasures against input attacks are:

Selecione uma das seguintes:

  • Input field filtering, application firewall, application vulnerability scanning, and developer training

  • Input field filtering, application firewall, and intrusion prevention system

  • Input field filtering, application firewall, intrusion detection system, and ethical hacking

  • Application firewall, intrusion detection system, and developer training

Explicação

Questão 18 de 25

1

The term “object reuse” refers to:

Selecione uma das seguintes:

  • A method used by malware to exploit weaknesses in running processes

  • The use of residual computing resources for other purposes

  • The ability to reuse application code

  • Processes that can discover and use residual data associated with other processes

Explicação

Questão 19 de 25

1

A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are:

Selecione uma das seguintes:

  • Application firewalls

  • Source code control

  • Outside code reviews

  • Peer code reviews

Explicação

Questão 20 de 25

1

The best time to introduce security into an application is:

Selecione uma das seguintes:

  • Implementation

  • Design

  • Development

  • Testing

Explicação

Questão 21 de 25

1

A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as:

Selecione uma das seguintes:

  • Cross site request forgery

  • Cross-site scripting

  • Broken authentication

  • Replay attack

Explicação

Questão 22 de 25

1

What is the most effective countermeasure against script injection attacks?

Selecione uma das seguintes:

  • Stateful inspection firewall

  • Disallow server side scripting in the end user’s browser configuration

  • Filter scripting characters in all input fields

  • Disallow client side scripting in the end user’s browser configuration

Explicação

Questão 23 de 25

1

A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take?

Selecione uma das seguintes:

  • Implement column-based access controls

  • Export the table to a data warehouse, including only the fields that the users are permitted to see

  • Clone the table, including only the fields that the users are permitted to see

  • Create a view that contains only the fields that the users are permitted to see

Explicação

Questão 24 de 25

1

The purpose of Data Control Language is:

Selecione uma das seguintes:

  • Define which users are able to view and manipulate data in a database

  • Define data structures in a relational database

  • Define data structures in an object-oriented database

  • Retrieve, insert, delete and update data in a relational database

Explicação

Questão 25 de 25

1

A list of all of the significant events that occur in an application is known as:

Selecione uma das seguintes:

  • Audit log

  • Replay log

  • Export file

  • Data dump

Explicação