Question 1

________ can be used to track users at a website.

Accepted Answer

A)  Stacks 
B)  Stack entries 
C)  Buffers 
D)  Cookies 
A)  Stacks 
B)  Stack entries 
C)  Buffers 
D)  Cookies

Question 2

A common type of buffer overflow is the stack overflow.

Accepted Answer

A) True 
 B)False

Question 3

Compared to full programming languages, scripts ________.

Accepted Answer

A)  are more difficult to use than programming languages like Active-X 
B)  are easier to use than full programming languages 
C)  have similar protections to Java 
D)  are more difficult to use than programming languages like Java 
A)  are more difficult to use than programming languages like Active-X 
B)  are easier to use than full programming languages 
C)  have similar protections to Java 
D)  are more difficult to use than programming languages like Java

Question 4

There are some programs that must run with root privileges.

Accepted Answer

A) True 
 B)False

Question 5

________ is when one user's input can appear on the page of another user.

Accepted Answer

A)  Login screen bypass 
B)  Cross-site scripting 
C)  An SQL query 
D)  SQL injection 
A)  Login screen bypass 
B)  Cross-site scripting 
C)  An SQL query 
D)  SQL injection

Question 6

________ occurs when attackers take over a computer and produce false web pages.

Accepted Answer

A)  Directory traversal attack 
B)  Mobile code 
C)  Cross-site scripting 
D)  Website defacement 
A)  Directory traversal attack 
B)  Mobile code 
C)  Cross-site scripting 
D)  Website defacement

Question 7

Spam over IP telephony is called ________.

Accepted Answer

A)  RFC 
B)  SPIT 
C)  INVITE 
D)  VPN 
A)  RFC 
B)  SPIT 
C)  INVITE 
D)  VPN

Question 8

With directory traversal, the path ________ would allow an attacker to download the passwd file in the etc directory (on a Unix computer).

Accepted Answer

A)  /passwd 
B)  ../passwd 
C)  ../etc/passwd 
D)  ../root/passwd 
A)  /passwd 
B)  ../passwd 
C)  ../etc/passwd 
D)  ../root/passwd

Question 9

Firms with rigorous deployment policies use all of the following EXCEPT ________ for that purpose.

Accepted Answer

A)  development servers 
B)  testing servers 
C)  production servers 
D)  authentication servers 
A)  development servers 
B)  testing servers 
C)  production servers 
D)  authentication servers

Question 10

Which of the following is FALSE about cookies?

Accepted Answer

A)  Some websites use cookies. 
B)  Antispyware programs cannot identify dangerous cookies. 
C)  They allow a website to track what pages you have visited. 
D)  Cookies can remember your login name and password to websites. 
A)  Some websites use cookies. 
B)  Antispyware programs cannot identify dangerous cookies. 
C)  They allow a website to track what pages you have visited. 
D)  Cookies can remember your login name and password to websites.

Question 11

Many websites require users to have Active-X turned on.

Accepted Answer

A) True 
 B)False

Question 12

When someone speaks, a(n) ________ in the VoIP phone converts the voice into a stream of digital bytes.

Accepted Answer

A)  codec 
B)  RTP header 
C)  buffer 
D)  TCP 
A)  codec 
B)  RTP header 
C)  buffer 
D)  TCP

Question 13

After a program has been fully tested, it should be moved to a production server.

Accepted Answer

A) True 
 B)False

Question 14

In the Internet Options dialog box, the ________ tab lets you control what information is released to websites.

Accepted Answer

A)  Privacy 
B)  Advanced 
C)  Content 
D)  Security 
A)  Privacy 
B)  Advanced 
C)  Content 
D)  Security

Question 15

Typing URLs with ________ in them can give access to sensitive directories.

Accepted Answer

A)  .. 
B)  \ 
C)  :\ 
D)  :: 
A)  .. 
B)  \ 
C)  :\ 
D)  ::

Question 16

Many firms filter incoming e-mail messages and some filter outgoing messages as well.

Accepted Answer

A) True 
 B)False

Question 17

Under which of the following tabs in the Internet Options dialog box are cookies controlled?

Accepted Answer

A)  Privacy 
B)  Advanced 
C)  Content 
D)  Security 
A)  Privacy 
B)  Advanced 
C)  Content 
D)  Security

Question 18

The more popular scripting languages for mobile code are VBScript and JavaScript.

Accepted Answer

A) True 
 B)False

Question 19

Which of the following is considered quite powerful and can do almost anything on the client machine?

Accepted Answer

A)  JavaScript 
B)  Java 
C)  Active-X 
D)  VBScript 
A)  JavaScript 
B)  Java 
C)  Active-X 
D)  VBScript

Question 20

The dynamic nature of Ajax makes it susceptible to malicious code injection.

Accepted Answer

A) True 
 B)False

________ can be used to track users at a website.

A common type of buffer overflow is the stack overflow.

Compared to full programming languages, scripts ________.

There are some programs that must run with root privileges.

________ is when one user's input can appear on the page of another user.

________ occurs when attackers take over a computer and produce false web pages.

Spam over IP telephony is called ________.

With directory traversal, the path ________ would allow an attacker to download the passwd file in the etc directory (on a Unix computer).

Firms with rigorous deployment policies use all of the following EXCEPT ________ for that purpose.

Which of the following is FALSE about cookies?

Many websites require users to have Active-X turned on.

When someone speaks, a(n) ________ in the VoIP phone converts the voice into a stream of digital bytes.

After a program has been fully tested, it should be moved to a production server.

In the Internet Options dialog box, the ________ tab lets you control what information is released to websites.

Typing URLs with ________ in them can give access to sensitive directories.

Many firms filter incoming e-mail messages and some filter outgoing messages as well.

Under which of the following tabs in the Internet Options dialog box are cookies controlled?

The more popular scripting languages for mobile code are VBScript and JavaScript.

Which of the following is considered quite powerful and can do almost anything on the client machine?

The dynamic nature of Ajax makes it susceptible to malicious code injection.

The Threat Environment

Planning and Policy

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Data Protection

Incident and Disaster Response

Module a Networking Concepts

Filters

Exam 8: Application Security

________ can be used to track users at a website.

A common type of buffer overflow is the stack overflow.

Compared to full programming languages, scripts ________.

There are some programs that must run with root privileges.

________ is when one user's input can appear on the page of another user.

________ occurs when attackers take over a computer and produce false web pages.

Spam over IP telephony is called ________.

With directory traversal, the path ________ would allow an attacker to download the passwd file in the etc directory (on a Unix computer).

Firms with rigorous deployment policies use all of the following EXCEPT ________ for that purpose.

Which of the following is FALSE about cookies?

Many websites require users to have Active-X turned on.

When someone speaks, a(n) ________ in the VoIP phone converts the voice into a stream of digital bytes.

After a program has been fully tested, it should be moved to a production server.

In the Internet Options dialog box, the ________ tab lets you control what information is released to websites.

Typing URLs with ________ in them can give access to sensitive directories.

Many firms filter incoming e-mail messages and some filter outgoing messages as well.

Under which of the following tabs in the Internet Options dialog box are cookies controlled?

The more popular scripting languages for mobile code are VBScript and JavaScript.

Which of the following is considered quite powerful and can do almost anything on the client machine?

The dynamic nature of Ajax makes it susceptible to malicious code injection.

The Threat Environment

Planning and Policy

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Data Protection

Incident and Disaster Response

Module a Networking Concepts

Filters