Testout Chapter 9

Flashcard maker: Lily Taylor
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
client-side scripts
A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
buffer overflow
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. What type of attack is this?
drive-by download
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
buffer overflow
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. Which practice would have prevented this?
implementing client-side validation
While using a web-based order form, an attacker enters an unusually large value in the quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. What type of attack is this?
integer overflow
Flash exploitation
LSO exploit
Use of which of the following is a possible violation of privacy?
Which of the following is not true regarding cookies?
they operate within a security sandbox
Which of the following is a text file provided by a Web site to a client that is stored on the user's hard drive in order to track and record information about the user?
You want to allow an e-commerce Web site that you visit to keep track of your browsing history for shopping carts and other information, but you want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
Allow first-party cookies but block third-party cookies
To help prevent browser attacks, users of public computers should do which of the following?
clear the browser cache
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet Web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
Add the URL of the Web site to the Local Intranet zone.
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. What should you do?
Add the internal website to the Local Intranet zone
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl

You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do?

Add Kenyan.msn.pl to the e-mail blacklist.
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What type of attack is this?
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
What is the most common means of virus distribution?
You install a new Linux distribution on a server in your network. Which configuration should you check for?
Open SMTP relay
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank account. What type of attack is this?
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
peer-to-peer networking
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Instant Messaging does not provide which of the following?
Which of the following are disadvantages to server virtualization?
A compromise of the host system might affect multiple servers
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?
Run the browser within a virtual environment
Which of the following is an advantage of a virtual browser?
Protects the operating system from malicious downloads
Which of the following will enter random data into the inputs of an application?
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
input validation
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version
configuration testing
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write. What is this called?
code review