Security Review #3 – Flashcards
question
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
answer
Client-side scripts.
question
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
answer
Buffer Overflow.
question
A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
answer
Buffer Overflow.
question
Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites or gather personal information?
answer
XSS.
question
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
answer
Drive-by download.
question
Which of the following are subject to SQL injection attacks?
answer
Database Servers.
question
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
answer
SQL injection.
question
Which of the following methods should you use to prevent SQL injection attacks?
answer
Perform input validation.
question
Use of which of the following is a possible violation of privacy?
answer
Cookies.
question
Which of the following is not true regarding cookies?
answer
They operate within a security sandbox.
question
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
answer
Spamming.
question
You want to use an encryption protocol for encrypting Internet phone calls. Which protocol would you choose?
answer
PGP (Pretty Good Privacy).
question
Which of the following mechanisms can you use to add encryption to e-mail? (Select two.)
answer
PGP; S/MIME.
question
What common design feature among Instant Messaging clients makes them more insecure than other means of communication over the Internet?
answer
Peer-to-peer networking.
question
What type of attack is most likely to succeed against communications between Instant Messaging clients?
answer
Sniffing.
question
Instant Messaging does not provide which of the following?
answer
Privacy.
question
Which of the following are disadvantages to server virtualization?
answer
A compromise of the host system might affect multiple servers.
question
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk.
answer
Run the browser in a virtual environment.
question
Which of the following is an advantage of a virtual browser?
answer
Protects against malicious downloads.
question
Which of the following are advantages of virtualization?
answer
Centralized administration; easy migration of systems to different hardware.
question
Which of the following will enter random data into the inputs of an application?
answer
Fuzzing.
question
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
answer
Input validation.
question
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability?
answer
Redundancy.
question
Which form of alternate site is the cheapest but may not allow an organization to recover before reaching its maximum tolerable downtime?
answer
Reciprocal agreement.
question
Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
answer
Clustering.
question
Even if you perform regular backups, what must be done to protect them?
answer
Regularly test restoration procedures.
question
Why should backup media be stored offsite?
answer
To prevent the same disaster from affecting both the network and the backup media.
question
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?
answer
Restore the full backup and the last differential backup.
question
Which of the following are backed up during an incremental backup?
answer
Only files that have changed since the last full or incremental backup.
question
Which of the following are backed up during a differential backup?
answer
Only files that have changed since the last full backup.
question
To increase your ability to recover from a disaster, where should you store backup tapes?
answer
At the vice president's home.
question
You would like to implement BitLocker to encrypt data on a hard disk even if it is moved to another system.
answer
Enable the TPM in the BIOS.
question
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special drive is inserted.
answer
Implement BitLocker with a TPM.
question
Which of the following security measures encrypts the entire contents of a hard drive?
answer
DriveLock.
question
You want a security solution that protects the entire hard drive, preventing
answer
BitLocker.
question
Which of the following security solutions would prevent a user from reading a file that she did not create?
answer
EFS.
question
You create a new document and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of what security goal?
answer
Confidentiality.
question
You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure that others can't see your private information?
answer
SSL.
question
IPsec is implemented by which two separate protocols?
answer
AH and ESP.
question
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
answer
IPSec.
question
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?
answer
Vulnerability scanner.
question
You want to make sure that a set of servers will only accept traffic for specific
answer
Port scanner.
question
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
answer
OVAL.
question
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?
answer
Definition.
question
Which of the following identifies an operating system or network service based on ICMP responses?
answer
Fingerprinting.
question
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
answer
Penetration testing.
question
You have a double-blind pen test. Which of the following actions would you perform first?
answer
Inform senior management.
question
What is the main difference between vulnerability scanning and penetration testing?
answer
Vulnerability scanning is performed within the security perimeter; pen testing is performed outside of the security perimeter.
question
What is the primary purpose of pen testing?
answer
Test the effectiveness of your security perimeter.
question
Which of the following types of pen test teams will provide you information that is most revealing of a real-world hacker attack?
answer
Zero knowledge team.
question
Which phase or step of a security assessment is a passive activity?
answer
Reconnaissance.
question
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use?
answer
Protocol analyzer.
question
You want to know what protocols are being used on your network. You'd like to monitor network traffic and sort traffic based on protocol. Which tool should you use?
answer
Packet sniffer.
question
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
answer
Wireshark.
question
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
answer
Packet sniffer.
question
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are being encrypted. Which tool should you use?
answer
Protocol analyzer.