9.1.9 practice exam
…
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
Drive-by download
Which of the following are subject to SQL injection attacks?
Database servers
You have a website that accepts input from users for creating customers’ accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
While using a Web-based order form, an attacker enters an unusually large value in the quantity field. Which type of attack has occurred in this scenario?
Integer overflow
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user’s computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. What type of exploit has occurred in this scenario?
Locally shared objects (LSO) exploit
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: videoshare, vidshar, vidsshare. What type of attack has occurred in this scenario?
Typosquatting
Match the exploit on the right with the appropriate description on the left.
Watering hole attack - An attacker compromises a website, hoping that a target individual will access the site and be exposed to the exploit
Arbitrary code execution exploit - A vulnerability in a running process allows an attacker to inject malicious instructions and run them
LSO exploit - A Flash cookie is used to collect information about the user's browsing habits without their permission
Zero-day attack - An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit?
Implementing client-side validation
While using a web-based order form, an attacker enters an unusually large value in the quantity field. Which practices would have prevented this exploit? (Select two.)
Implementing client-side validation; Implementing server-side validation
9.1.13 practice exam
…
Use of which of the following is a possible violation of privacy?
Cookies
Which of the following is not true regarding cookies?
They operate within a security sandbox
Which of the following is a text file provided by a Web site to a client that is stored on a user’s hard drive in order to track and record information about the user?
Cookie
You want to allow the e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but you want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
Allow first-party cookies but block third-party cookies
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use.
To help prevent browser attacks, users of public computers should do which of the following?
Clear the browser cache
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web servers. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
Add the URL of the website to the Local intranet zone.
You manage several Windows systems. All computers are members of a domain. What should you do?
Add the internal website to the Local intranet zone
9.3.8 practice exam
…
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your Inbox, but that e-mails from other senders are not affected. What should you do?
Add Kenyan.msn.pl to the e-mail blacklist.
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
Spamming
An attacker sends an unwanted and unsolicited e-mail message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?
Spam
Which of the following mechanisms can you use to add encryption to e-mail? (Select two.)
S/MIME; PGP
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
What is the most common means of virus distribution?

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send e-mail messages. Which type of e-mail attack is this server susceptible to?
Open SMTP relay
Users in your organization receive e-mail messages informing them that suspicious activity has been detected on their bank account. They are directed to click a link in the e-mail to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?
Phishing
9.4.7 practice exam
…
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
Peer-to-peer networking
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Sniffing
Instant Messaging does not provide which of the following?
Privacy
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. What should you do?
Implement an application control solution.
You are implementing a new application control solution… How should you configure the application control software to handle applications not contained in the whitelist?
Flag
9.5.11 practice exam
…
Which of the following are disadvantages to server virtualization?
A compromise of the host system might affect multiple servers
Which of the following are disadvantages to server virtualization?
A failure in one hardware component could affect multiple servers.
You have a development machine that contains sensitive information related to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?
Run the browser within a virtual environment
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
Which of the following are advantages of virtualization? (Select two.)
Centralized administration; Easy migration of systems to different hardware.
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. What should you do?
Create a new virtual switch configured for host-only (internal) networking; connect the virtual network interfaces in the virtual machines to the virtual switch.
Match the virtualization feature on the right with the appropriate description on the left.
Flexibility - Moving virtual machines between hypervisor hosts
Testing - Verifying that security controls are working as designed
Server consolidation - Performing a physical-to-virtual migration (P2V)
Sandboxing - Isolating a virtual machine from the physical network
You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstation that caused an application that was developed in-house to stop working. What should you do? (Select two.)
Create a new virtual switch configured for bridged (external) networking; connect the virtual network interfaces in the virtual machines to the virtual switch.
9.6.12 practice exam
…
Which of the following will enter random data to the inputs of an application?
Fuzzing
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
Input validation
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates them for security vulnerabilities.
Configuration testing
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
Code viewing
You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. Which of the following are likely to be true about this test system? (Select two.)
The database admin user has no password assigned; Data will be stored in the database in unencrypted format.
You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. What should you do to harden this database before implementing it in a production environment? (Select two.)
Disable anonymous access; Implement an Application layer protocol to encrypt data prior to saving it in the database.
Chapter 9 Application Defense