|
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the |
client-side scripts |
|
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of |
buffer overflow |
|
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or |
xss |
|
when you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. |
drive-by download |
|
Having poor software development practices and failing to program input validation checks during development of |
buffer overflow |
|
Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute |
buffer overflow |
|
an attacker inserts SQL database commands into a data input field of an order form used by a web-based application |
implementing client-side validation |
|
while using a web-based order form, an attacker enters an unusually large value in the quantity field. the value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. |
integer overflow |
|
flash explotation |
lso exploit |
|
Use of which of the ff. is a possible violation of privacy? |
cookies |
|
Which of the ff. is not true regarding cookies? |
they operate within a security sandbox |
|
Which of the ff. is a text file provided by a Web site to client that is stored on a user’s hard drive in order to track and record information about the user? |
cookie |
|
You want to allow e-commerce Web site that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings? |
Allow first party cookies but block third-party cookies |
|
To help prevent browser attacks, users of public computers should do which of the ff.? |
clear the browser cache |
|
You manage several Windows systems. Deskstop users access an in-house application that is hosted on you intranet Web server. When a user clicks a specific option in the application, they receive an error message that the popup was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do? |
Add the URL of the Web site to the Local Intranet zone. |
|
you manage several windows systems. all computers are members of domain. you use an internal website that uses integrated windows authentication. you attempt to connect the website and are promted for authentication |
add the internal website to the local intranet zone |
|
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do? |
Add Kenyan.msn.pl to the e-mail blacklist. |
|
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims? |
spamming |
|
an attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware |
spam |
|
you want to use a protocol for encrypting e-mails that uses a PKI with x.509 certificates. which method should you choose |
S/MIME |
|
What is the most common means of virus distribution |
|
|
you install a new linux distribution on a server in your network. |
open SMTP relay |
|
users in your organization receive email messages informing them that suspicious activity has be detected on their bank account |
phishing |
|
What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet? |
peer-to-peer networking |
|
What type of attack is most likely to succeed against communications between Instant Messaging clients? |
SNIFFING |
|
Instant Messaging does not provide which of the ff.? |
privacy |
|
Which of the ff. are disadvantages to server virtualization? |
a compromise of the host system might affect multiple servers; |
|
You have a development machine contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the ff. would best protect your system? |
Run the browser within a virtual environment |
|
Which of the ff. is an advantage of virtual browser? |
Protects the operating system from malicious downloads |
|
Which of the ff. will enter random data to the inputs of an application? |
fuzzing |
|
Which of the ff. is specifically meant to ensure that a program operates on clean, correct and useful data? |
input validation |
|
during the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version |
configuration testing |
|
during the application dev cycle, a developer asks serveral of his peers to asses the portion of the application he was assigned to write |
code review |
Share This
Flashcard
