Mid3 Chap9 M82

question
What is the most common attack waged against Web servers?
answer
Buffer overflow
question
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
answer
Drive-by download
question
Which of the following are subject to SQL injection attacks?
answer
Database servers
question
You have a website that accepts input from users for creating customers' accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
answer
SQL injection
question
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
answer
Buffer overflow
question
Which of the following methods should you use to prevent SQL injection attacks?
answer
Perform input validation
question
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
answer
Buffer overflow
question
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
answer
Pop-up blocker
question
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
answer
Buffer overflow
question
A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
answer
Buffer overflow
question
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
answer
XSS
question
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
answer
Client-side scripts
question
Which of the following is not true regarding cookies?
answer
They operate within a security sandbox
question
Use of which of the following is a possible violation of privacy?
answer
Cookies
question
What is a cookie?
answer
A file saved on your hard drive that tracks Web site preferences and use.
question
Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?
answer
Cookie
question
You want to allow the e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
answer
Allow first party cookies but block third-party cookies
question
To help prevent browser attacks, users of public computers should do which of the following?
answer
Clear the browser cache
question
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
answer
S/MIME
question
What is the most common means of virus distribution?
answer
E-mail
question
You want to use an encryption protocol for encrypting Internet phone calls. Which protocol would you choose?
answer
PGP
question
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your Inbox, but that e-mails from other senders are not affected. What should you do?
answer
Add Kenyan.msn.pl to the e-mail blacklist.
question
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
answer
Spamming
question
Which of the following mechanisms can you use to add encryption to e-mail? (Select two.)
answer
S/MIME, PGP
question
Instant Messaging does not provide which of the following?
answer
Privacy
question
What type of attack is most likely to succeed against communications between Instant Messaging clients?
answer
Sniffing
question
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
answer
Peer-to-Peer networking
question
Which of the following is an advantage of a virtual browser?
answer
Protects the operating system from malicious downloads
question
Which of the following are advantages of virtualization? (Select two.)
answer
Centralized administration, Easy migration of system to different hardware.
question
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?
answer
Run the browser within a virtual environment
question
Which of the following are disadvantages to server virtualization?
answer
A failure in one hardware component could affect multiple servers
question
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
answer
Input Validation
question
Which of the following will enter random data to the inputs of an application?
answer
Fuzzing