Testout Chapter 9 – Flashcards

question
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
answer
client-side scripts
question
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
answer
buffer overflow
question
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
answer
XSS
question
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is.
answer
drive-by download
question
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
answer
buffer overflow
question
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
answer
buffer overflow
question
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application.
answer
implementing client-side validation
question
While using a web-based order form, an attacker enters an unusually large value in the quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application.
answer
integer overflow
question
Flash exploitation
answer
LSO exploit
question
Use of which of the following is a possible violation of privacy?
answer
cookies
question
Which of the following is not true regarding cookies?
answer
they operate within a security sandbox
question
Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?
answer
cookie
question
You want to allow e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
answer
Allow first party cookies but block third-party cookies
question
To help prevent browser attacks, users of public computers should do which of the following?
answer
clear the browser cache
question
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet Web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
answer
Add the URL of the Web site to the Local Intranet zone.
question
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication.
answer
add the internal website to the local intranet zone
question
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your Inbox, but that e-mails from other senders are not affected. What should you do?
answer
Add Kenyan.msn.pl to the e-mail blacklist.
question
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
answer
spamming
question
An attacker sends an unwanted and unsolicited e-mail message to multiple recipients with an attachment that contains malware.
answer
spam
question
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
answer
S/MIME
question
What is the most common means of virus distribution?
answer
e-mail
question
You install a new Linux distribution on a server in your network.
answer
open SMTP relay
question
Users in your organization receive e-mail messages informing them that suspicious activity has been detected on their bank account.
answer
phishing
question
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
answer
peer-to-peer networking
question
What type of attack is most likely to succeed against communications between Instant Messaging clients?
answer
SNIFFING
question
Instant Messaging does not provide which of the following?
answer
privacy
question
Which of the following are disadvantages to server virtualization?
answer
a compromise of the host system might affect multiple servers;
question
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?
answer
Run the browser within a virtual environment
question
Which of the following is an advantage of a virtual browser?
answer
Protects the operating system from malicious downloads
question
Which of the following will enter random data to the inputs of an application?
answer
fuzzing
question
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
answer
input validation
question
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version
answer
configuration testing
question
During the application dev cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write.
answer
code review