Security Review #3
Flashcard maker : Lily Taylor
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites or gather personal information?
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
Which of the following are subject to SQL injection attacks?
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
Which of the following methods should you use to prevent SQL injection attacks?
Perform input validation.
Use of which of the following is a possible violation of privacy?
Which of the following is not true regarding cookies?
They operate within a security sandbox.
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
You want to use an encryption protocol for encrypting Internet phone calls. Which protocol would you choose?
PGP (Pretty Good Privacy).
Which of the following mechanisms can you use to add encryption to e-mail? (Select two.)
What common design feature among Instant Messaging clients makes them more insecure than other means of communication over the Internet?
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Instant Messaging does not provide which of the following?
Which of the following are disadvantages to server virtualization?
A compromise of the host system might affect multiple servers.
You have a development machine that contains sensitive information related to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk.
Run the browser in a virtual environment.
Which of the following is an advantage of a virtual browser?
Protects against malicious downloads.
Which of the following are advantages of virtualization?
Centralized administration; easy migration of systems to different hardware.
Which of the following will enter random data to the inputs of an application?
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
What is the primary security feature that can be designed into a network’s infrastructure to protect and support availability?
Which form of alternate site is the cheapest but may not allow an organization to recover before reaching their maximum tolerable downtime?
Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Even if you perform regular backups, what must be done to protect it?
Regularly test restoration procedures.
Why should backup media be stored offsite?
To prevent the same disaster from affecting both the network and the backup media.
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?
Restore the full backup and the last differential backup.
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full or incremental backup.
Which of the following are backed up during a differential backup?
Only files that have changed since the last full backup.
To increase your ability to recover from a disaster, where should you store backup tapes?
At the vice president’s home.
You would like to implement BitLocker to encrypt data on a hard disk even if it is moved to another system.
Enable the TPM in the BIOS.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special drive is inserted.
Implement BitLocker with a TPM.
Which of the following security measures encrypts the entire contents of a hard drive?
You want a security solution that protects the entire hard drive, preventing
Which of the following security solutions would prevent a user from reading a file which she did not create?
You create a new document and save it to a hard drive on a file server on your company’s network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of what security goal?
You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure that others can’t see your private information?
IPsec is implemented by which two separate protocols?
AH & ESP
Which of the following network layer protocols provides authentication and encryption services for IP based network traffic?
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?
You want to make sure that a set of servers will only accept traffic for specific
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be prevented on a system?
Which of the following identifies an operating system or network service based on ICMP responses?
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
You have a double-blind pen test. Which of the following actions would you perform first?
Inform senior management.
What is the main difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed within the security perimeter; pen testing is performed outside of the security perimeter.
What is the primary purpose of pen testing?
Test the effectiveness of your security perimeter.
Which of the following types of pen test teams will provide you information that is most revealing of a real-world hacker attack?
Zero knowledge team.
Which phase or step of a security assessment is a passive activity?
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use?
You want to know what protocols are being used on your network. You’d like to monitor network traffic and sort traffic based on protocol. Which tool should you use?
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are being encrypted. Which tool should you use?