Question 1

On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.

Accepted Answer

A) True 
 B)False

Question 2

When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.

Accepted Answer

A) True 
 B)False

Question 3

Programmers can trust user input if the person is strongly authenticated.

Accepted Answer

A) True 
 B)False

Question 4

Like the public switched telephone network, VoIP technology is a closed system.

Accepted Answer

A) True 
 B)False

Question 5

To satisfy legal retention and other compliance regulations, companies should use ________ in IM.

Accepted Answer

A)  a presence server 
B)  a relay server 
C)  Either A or B 
D)  Neither A nor B 
A)  a presence server 
B)  a relay server 
C)  Either A or B 
D)  Neither A nor B

Question 6

Developers have permissions on the ________.

Accepted Answer

A)  development server 
B)  testing server 
C)  production server 
D)  Both A and B 
A)  development server 
B)  testing server 
C)  production server 
D)  Both A and B

Question 7

Scripts do not have the ability to permanently change your computer registry.

Accepted Answer

A) True 
 B)False

Question 8

Accepting cookies is necessary to use many websites.

Accepted Answer

A) True 
 B)False

Question 9

Spam over VoIP is called ________.

Accepted Answer

A)  VAM 
B)  SOVI 
C)  SPIT 
D)  SPIP 
A)  VAM 
B)  SOVI 
C)  SPIT 
D)  SPIP

Question 10

________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.

Accepted Answer

A)  Skype 
B)  SIP 
C)  SPIT 
D)  IM 
A)  Skype 
B)  SIP 
C)  SPIT 
D)  IM

Question 11

Custom programs generally are safe because attackers do not know the code.

Accepted Answer

A) True 
 B)False

Question 12

Firewall port openings are required for SIP/H.323 messages.

Accepted Answer

A) True 
 B)False

Question 13

Generally speaking, vendors use similar mechanisms for downloading and installing patches.

Accepted Answer

A) True 
 B)False

Question 14

The Skype protocol is relatively easy for corporate firewalls to filter.

Accepted Answer

A) True 
 B)False

Question 15

Eavesdropping can be thwarted by encrypting ________.

Accepted Answer

A)  signaling traffic 
B)  transport traffic 
C)  Both A and B 
D)  Neither A nor B 
A)  signaling traffic 
B)  transport traffic 
C)  Both A and B 
D)  Neither A nor B

Question 16

Which comes third in a VoIP packet?

Accepted Answer

A)  RTP header 
B)  UDP header 
C)  IP header 
D)  codec byte stream 
A)  RTP header 
B)  UDP header 
C)  IP header 
D)  codec byte stream

Question 17

A VoIP caller wishing to contact another sends an INVITE message to ________.

Accepted Answer

A)  the caller's H.323 proxy server 
B)  the receiver's H.323 proxy server 
C)  the receiver directly 
D)  None of the above 
A)  the caller's H.323 proxy server 
B)  the receiver's H.323 proxy server 
C)  the receiver directly 
D)  None of the above

Question 18

SSL/TLS provides security ________.

Accepted Answer

A)  between the sender and his or her e-mail server 
B)  all the way between the sender and the receiver 
C)  Both A and B 
D)  Neither A nor B 
A)  between the sender and his or her e-mail server 
B)  all the way between the sender and the receiver 
C)  Both A and B 
D)  Neither A nor B

Question 19

The user reaches a webpage before logging in. This is a(n) ________ attack.

Accepted Answer

A)  login screen bypass 
B)  buffer overflow 
C)  XSS 
D)  SQL injection attack 
A)  login screen bypass 
B)  buffer overflow 
C)  XSS 
D)  SQL injection attack

Question 20

What e-mail standard provides end-to-end security?

Accepted Answer

A)  SSL/TLS 
B)  S/MIME 
C)  Both A and B 
D)  Neither A nor B 
A)  SSL/TLS 
B)  S/MIME 
C)  Both A and B 
D)  Neither A nor B

On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.

When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.

Programmers can trust user input if the person is strongly authenticated.

Like the public switched telephone network, VoIP technology is a closed system.

To satisfy legal retention and other compliance regulations, companies should use ________ in IM.

Developers have permissions on the ________.

Scripts do not have the ability to permanently change your computer registry.

Accepting cookies is necessary to use many websites.

Spam over VoIP is called ________.

________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.

Custom programs generally are safe because attackers do not know the code.

Firewall port openings are required for SIP/H.323 messages.

Generally speaking, vendors use similar mechanisms for downloading and installing patches.

The Skype protocol is relatively easy for corporate firewalls to filter.

Eavesdropping can be thwarted by encrypting ________.

Which comes third in a VoIP packet?

A VoIP caller wishing to contact another sends an INVITE message to ________.

SSL/TLS provides security ________.

The user reaches a webpage before logging in. This is a(n) ________ attack.

What e-mail standard provides end-to-end security?

The Threat Environment

Planning and Policy

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Data Protection

Incident and Disaster Response

Module A: Networking Concepts

Filters

Exam 8: Application Security

On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high.

When executing attack code, if the attacker has skillfully overwritten the return address, the return address will not point back to "data" in the buffer.

Programmers can trust user input if the person is strongly authenticated.

Like the public switched telephone network, VoIP technology is a closed system.

To satisfy legal retention and other compliance regulations, companies should use ________ in IM.

Developers have permissions on the ________.

Scripts do not have the ability to permanently change your computer registry.

Accepting cookies is necessary to use many websites.

Spam over VoIP is called ________.

________ is a VoIP service that currently offers free calling among its customers over the Internet and reduced-cost calling to and from Public Switched Telephone Network customers.

Custom programs generally are safe because attackers do not know the code.

Firewall port openings are required for SIP/H.323 messages.

Generally speaking, vendors use similar mechanisms for downloading and installing patches.

The Skype protocol is relatively easy for corporate firewalls to filter.

Eavesdropping can be thwarted by encrypting ________.

Which comes third in a VoIP packet?

A VoIP caller wishing to contact another sends an INVITE message to ________.

SSL/TLS provides security ________.

The user reaches a webpage before logging in. This is a(n) ________ attack.

What e-mail standard provides end-to-end security?

The Threat Environment

Planning and Policy

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Data Protection

Incident and Disaster Response

Module A: Networking Concepts

Filters