Chapter 9 Application Defense

Your page rank:

Total word count: 1764
Pages: 6

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

9.1.9 practice exam

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the windows to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download

Which of the following are subject to SQL injection attacks?

Database servers

You have a website that accepts input from users for creating customers’ accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input files and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

Which type of attack is the act of exploiting a software program’s free acceptance to input in order to execute arbitrary code on a target?

Buffer overflow

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for product that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

While using a Web-based order form, an attacker enters an unusually large volume in the quantity field. Which type of attack has occurred in this scenario?

Integer overflow

While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user’s computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. What type of exploit has occurred in this scenario?

Locally shared objects (LSO) exploit

Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names videoshare, vidshar, vidsshare. What type of attack has occurred in this scenario?

typosquatting

Match the exploit on the right with the appropriate description on the left.

Watering hole attack-An attacker compromises a website, hoping that a target individual will access the site and be exposed to the exploit Arbitrary code execution exploit- a vulnerability in a running process allows an attacker to inject malicious instructions and run them LSO exploit- A flash cookie is used to collect information about the users browsing habits without their permission Zero-day attack- An attacker exploits computers application vulnerabilities before they are known and patches by the applications developer

An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitting, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious users web browser. Which practice would have prevented this exploit?

Implementing client-side validation

While using a web-based order form, an attacker enters an unusually large value in the quantity field. what practices would have prevented this exploit? select two

Implementing client-side validation Implementing server-side validation

9.1.13 practice exam

Use of which of the following is a possible violation of privacy?

Cookies

Which of the following is not true regarding cookies?

They operate within a security sandbox

Which of the following is a text file provided by a Web site to client that is stored on a user’s hard drive in order to track and record information about the user?

Cookie

You want to allow e-commerce Web site that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies but block third-party cookies

What is a cookie?

A file saved on your hard drive that tracks Web site preferences and use.

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache

You manage several Windows systems. Desktop users access an in-house application that is hosed on your intranet web servers. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. what should you do?

Add the URL of the website to the local intranet zone.

You manage several Windows systems. All computers are members of a domain. What should you do?

Add the internal website to the Local intranet zone

9.3.8 practice exam

You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl

You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do?

Add Kenyan.msn.pl to the e-mail blacklist.

Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?

Spamming

An attacker sends an unwanted and unsolicited email message to multiple recipient with an attachment that contains malware. What kind of attack has occurred in this scenario?

Spam

Which of the following mechanism can you use to add encryption to e-mail? (Select two.)

S/MIME PGP

You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?

S/MIME

What is the most common means of virus distribution?

E-mail

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that enabled by default when the system boots. The SMTP daemon does not require authentication to send e-mail messages. Which type of e-mail attack is this server susceptible to?

Open SMTP relay

Users in your organization receive e-mail messages informing them that suspicious activity has been detected on their bank account. They are directed to click a link in the e-mail to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?

Phishing

9.4.7 practice exam

What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?

Peer-to-Peer networking

What type of attack is most likely to succeed against communications between Instant Messaging clients?

Sniffing

Instant Messaging does not provide which of the following?

Privacy

Your organizations security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. What should you do

Implement an application control solution.

You are implementing a new application control solution…. How should you configure that application control software to handle applications not contained in the whitelist?

flag

9.5.11 practice exam

Which of the following are disadvantages to server virtualization?

A compromise of the host system might affect multiple servers

Which of the following are disadvantages to server virtualization?

A failure in one hardware component could affect multiple servers.

You have a development machine contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?

Run the browser within a virtual environment

Which of the following is an advantage of virtual browser?

Protects the host operating system from malicious downloads

Which of the following are advantages of virtualization? (Select two.)

Centralized administration Easy migration of system to different hardware.

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems versions and editions. What should you do?

Create a new virtual switch configured for host-only (internal) networking Connect the virtual network interfaces in the virtual machines to the virtual switch.

Match the virtualization feature not he right with the appropriate description on the left.

Flexibility- Moving virtual machines between hypervisor hosts Testing- Verifying that security controls are working as designed Server consolidation- Performing a physical-to-virtual migration (P2V) Sandboxing- Isolating a virtual machine from the physical network

You are responsible for maintaining Windows workstations operating systems in your organization. recently an update from Microsoft was automatically installed on your workstation that caused an application that was developed in-house to stop working. What should you do? select two

Create a new virtual switch configured for bridged (external) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch.

9.6.12 practice exam

Which of the following will enter random data to the inputs of an application?

Fuzzing

Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?

Input Validation

During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates them for security vulnerabilities.
Which assessment technique was used in this scenario?

Configuration testing

During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?

Code viewing

You’ve been assigned to evaluate NoSQL databases as a part of a dig data analysis initiative in your organization. Which of the following are likely to be true about this test system? select two

The database admin user has no password assigned. Data will be stored in the database in unencrypted format

You’ve been assigned to evaluate NoSQL databases as a part of a dig data analysis initiative in your organization. What should you do to harden this database before implementing it in a production environment? select two

Disable anonymous access Implement an Application layer protocol to encrypt data prior to saving it in the database

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending