1300 Flashcards
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks? A. SQL code is used in an XSS attack B. XSS requires the use of a browser C. XSS does not attack the Web application server to steal or corrupt its information D. XSS attacks are rarely used anymore compared to other injection attacks
C. XSS does not attack the Web application server to steal or corrupt its information
Each of the following can be used in an XSS attack except __________. A. HTML B. JavaScript C. Adobe Flash D. ICMP
D. ICMP
A cookie that was not created by the Web site being viewed is called a __________. A. first-party cookie B. second-party cookie C. third-party cookie D. fourth-party cookie
C. third-party cookie
The basis of a SQL injection attack is __________. A. to inject SQL statements through unfiltered user input B. to have the SQL server attack client Web browsers C. to link SQL servers into a botnet D. to expose SQL code so that it can be examined.
A. to inject SQL statements through unfiltered user input
Which of the following cannot be performed through a successful SQL injection attack? A. Display a list of customer telephone numbers B. Discover the names of different fields in a table C. Erase a database table D. Reformat the Web application server’s hard drive
D. Reformat the Web application server’s hard drive
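The two cards above describe the mechanism (SQL statements entering through unfiltered input) and what it can reach (rows and field names, but not the host below the database). The following added example, which is not part of the flashcard set, shows both in Python's built-in sqlite3 module against a constructed in-memory customers table: one lookup built by string concatenation, one parameterized, each fed the same two payloads. Table and column names are made up for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory customers table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, phone) VALUES (?, ?)",
        [("alice", "555-0101"), ("bob", "555-0102"), ("carol", "555-0103")],
    )
    conn.commit()
    return conn

def lookup_phone_vulnerable(conn, name):
    """Query built by string concatenation: whatever the user typed becomes SQL."""
    sql = "SELECT name, phone FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_phone_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text, so quotes
    and keywords inside it can never change the statement's structure."""
    return conn.execute("SELECT name, phone FROM customers WHERE name = ?", (name,)).fetchall()

# Tautology payload: closes the string literal and makes the WHERE clause always true.
DUMP_ALL = "x' OR '1'='1"
# UNION payload: appends a second SELECT against SQLite's schema catalogue to read the
# table definitions (field names); the trailing "--" comments out the original closing quote.
READ_SCHEMA = "x' UNION SELECT name, sql FROM sqlite_master WHERE type='table' --"

def demo():
    conn = make_db()
    return {
        "vulnerable_dump_rows": len(lookup_phone_vulnerable(conn, DUMP_ALL)),   # 3: every phone number
        "vulnerable_schema": lookup_phone_vulnerable(conn, READ_SCHEMA)[0][0],  # 'customers'
        "safe_dump_rows": len(lookup_phone_safe(conn, DUMP_ALL)),               # 0: no such customer
        "safe_schema_rows": len(lookup_phone_safe(conn, READ_SCHEMA)),          # 0
        "safe_normal": lookup_phone_safe(conn, "bob"),                          # [('bob', '555-0102')]
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The parameterized version is not "filtering" the input; it never lets the input be parsed as SQL at all, which is why the same payloads return zero rows instead of the whole table. Stacked statements (a second statement after a semicolon, for example to drop a table) are refused by Python's sqlite3 execute(), but many other drivers accept them, so the concatenation pattern should be treated as exploitable regardless of which payload happens to work here.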
A markup language that is designed to carry data is __________. A. ICMP B. HTTP C. HTML D. XML
D. XML
When an attacker can access files in directories other than the Web server's root directory, this is known as a(n) __________ attack. A. Command injection B. Directory traversal C. SQL injection D. XML injection
B. Directory traversal
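Directory traversal works because a file-serving handler joins the requested name onto its document root without checking where the normalised result ends up. The added example below (not from the flashcards) contrasts the naive join with a check that decodes the request once, strips leading slashes, normalises, and then requires the result to stay under the root. The document root "/var/www/html" is an assumption for illustration; nothing is opened on disk.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root. The functions only compute the path a handler would go on to open.
WEB_ROOT = "/var/www/html"

def resolve_vulnerable(requested):
    """Naive join: '../' segments in the request walk out of the document root."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, unquote(requested)))

def resolve_safe(requested):
    """Decode once (as the web server does), strip leading slashes so join() cannot be
    handed an absolute path, normalise, then insist the result is still under WEB_ROOT."""
    relative = unquote(requested).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, relative))
    root = posixpath.normpath(WEB_ROOT)
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError("request escapes the document root: %r" % requested)
    return candidate

def within_root(requested):
    """Boolean form of the same check, convenient for tests and access logging."""
    try:
        resolve_safe(requested)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    for req in ["images/logo.png", "../../../etc/passwd", "..%2F..%2F..%2Fetc/passwd", "/etc/passwd"]:
        print("%-30s naive=%-28s safe=%s" % (req, resolve_vulnerable(req), within_root(req)))
```

Two caveats a handler still needs: decode exactly as many times as the server does (double-encoded "%252e%252e" must not be decoded again after this check), and when the root contains symlinks, run the same prefix test on the realpath of the candidate, since a link inside the root can point outside it.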
A(n) __________ attack modifies the fields that contain the different characteristics of the data that is being transmitted. A. HTML packet B. SQL injection C. XML manipulation D. HTTP header
D. HTTP header
Which of the following cookies only lasts for the duration of visiting the Web site? A. Session B. Persistent C. Temporary D. RAM
A. Session
What is a session token? A. A random string assigned by a Web server B. The same as third-party cookie C. A unique identifier that includes the user’s e-mail address D. XML code used in an XML injection attack
A. A random string assigned by a Web server
Which of the following is not a security concern of the ActiveX add-on? A. the person who signed the control may not have properly assessed the control’s safety. B. A malicious ActiveX control can affect all users of that computer. C. ActiveX can be integrated with JavaScript D. ActiveX does not have safeguards and has full access to the Windows operating system
C. ActiveX can be integrated with JavaScript
Which of the following is not a DoS attack? A. Ping flood B. SYN flood C. Push flood D. Smurf
C. Push flood
What type of attack intercepts legitimate communication and forges a fictitious response to the sender? A. Man-in-the-Middle B. Interceptor C. SQL intrusion D. SIDS
A. Man-in-the-Middle
A replay attack __________. A. makes a copy of the transmission for use at a later time B. replays the attack over and over to flood the server C. can be prevented by patching the Web server D. is considered to be a type of DoS attack
A. makes a copy of the transmission for use at a later time
___________ is used to discover the MAC address of a client based on its IP address. A. Ping B. ICMP C. DNS D. ARP
D. ARP
DNS poisoning __________. A. is rarely found today due to the use of host tables B. can attack an external DNS server C. is the same as ARP poisoning D. floods a DNS server with requests until it can no longer respond
B. can attack an external DNS server
__________ involves using a third party to gain access rights. A. Transitive access B. Privilege escalation C. Active Rights Scaling (ARS) D. Directory traversal
A. Transitive access
The expected monetary loss for an asset due to a particular risk over a one-year period (the single loss expectancy multiplied by the annualized rate of occurrence).
Annualized Loss Expectancy (ALE)
The expected number of times a risk will occur in a particular year.
Annualized Rate of Occurrence (ARO)
The process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development.
Architectural Design
The code that can be executed by unauthorized users in a software program.
Attack Surface
A comparison of the present state of a system compared to its baseline.
Baseline Reporting
A test in which the tester has no prior knowledge of the network infrastructure that is being tested.
Black Box
Presenting the code to multiple reviewers in order to reach agreement about its security.
Code Review
An analysis of the design of a software program by key personnel from different levels of the project.
Design Review
The proportion of an asset’s value that is likely to be destroyed by a particular risk (expressed as a percentage).
Exposure Factor (EF)
A control that errs on the side of permissiveness in the event of a failure.
Fail-Open
A control that errs on the side of security in the event of a failure.
Fail-Safe (Fail-Secure)
A test where some limited information has been provided to the tester.
Gray Box
The process of eliminating as many security risks as possible and making the system more secure.
Hardening
A network set up with intentional vulnerabilities.
Honeynet
A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet are actually imitations of real data files, to trick attackers into revealing their attack techniques.
Honeypot
A test by an outsider to actually exploit any weaknesses in systems that are vulnerable.
Penetration Testing
Software to search a system for any port vulnerabilities.
Port Scanner
Hardware or software that captures packets to decode and analyze the contents.
Protocol Analyzer (Sniffer)
The expected monetary loss every time a risk occurs.
Single Loss Expectancy (SLE)
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
Vulnerability Assessment
An automated software search through a system for any known security weaknesses that then creates a report of those potential exposures.
Vulnerability Scan
A test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
White Box
Sending a packet with every option set on for whatever protocol is in use to observe how a host responds.
Xmas Tree Port Scan
A __________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm. A. penetration test B. vulnerability scan C. vulnerability assessment D. risk appraisal (RAP)
C. Vulnerability assessment
Each of the following can be classified as an asset except __________. A. business partners B. buildings C. employee databases D. accounts payable
D. Accounts payable
Each of the following is a step in risk management except __________. A. attack assessment B. vulnerability appraisal C. threat evaluation D. risk mitigation
A. Attack assessment
Which of the following is NOT true regarding vulnerability appraisal? A. Vulnerability appraisal is always the easiest and quickest step B. Every asset must be viewed in light of each threat C. Each threat could reveal multiple vulnerabilities D. Each vulnerability should be cataloged
A. Vulnerability appraisal is always the easiest and quickest step
__________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur. A. vulnerability prototyping B. risk assessment C. attack assessment D. threat modeling
D. threat modeling
What is a current snapshot of the security of an organization? A. vulnerability appraisal B. risk evaluation C. threat mitigation D. liability reporting
A. vulnerability appraisal
The __________ is the proportion of an asset’s value that is likely to be destroyed by a particular risk. A. Exposure Factor (EF) B. Single Loss Expectancy (SLE) C. Annualized Rate of Occurrence (ARO) D. Annualized Loss Expectancy (ALE)
A. Exposure Factor (EF)
Which of the following is NOT an option for dealing with risk? A. eliminate the risk B. accept the risk C. diminish the risk D. transfer the risk
A. Eliminate the risk
__________ is a comparison of the present security state of a system compared to a standard established by the organization. A. risk mitigation B. baseline reporting C. Comparative Resource Appraisal (CRA) D. Horizontal comparables
B. Baseline reporting
Each of the following is a state of a port that can be returned by a port scanner except: A. open B. busy C. blocked D. closed
B. busy
Each of the following is true regarding TCP SYN port scanning except __________ A. it uses FIN messages that can pass through firewalls and avoid detection B. instead of using the operating system's network functions, the port scanner generates IP packets itself and monitors for responses C. the scanner host closes the connection before the handshake is completed D. this scan type is also known as "half-open scanning" because it never actually opens a full TCP connection
A. it uses FIN messages that can pass through firewalls and avoid detection
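The port-state card and the SYN-scan card above rest on the same three outcomes of a probe: a SYN/ACK (open), a RST (closed), or silence (filtered, usually a firewall dropping the probe). Crafting the raw SYN and tearing down after the SYN/ACK, as a half-open scan does, needs raw sockets and root, so the added example below (not from the flashcards) uses a full-connect scan, which the operating system completes for us but which the same three responses drive. It scans a listener it starts on loopback and a loopback port known to be closed, so it runs offline.

```python
import socket

def probe_port(host, port, timeout=0.5):
    """Classify one TCP port with a full-connect scan.
    'open'     : handshake completed (target sent SYN/ACK, our stack answered ACK)
    'closed'   : target answered the SYN with RST
    'filtered' : nothing came back before the timeout, typically dropped by a firewall"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"

def scan(host, ports, timeout=0.5):
    """Scan a list of ports and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}

def demo_local_scan():
    """Start a listener on an ephemeral loopback port, reserve and release a second port so
    it is known to be closed, then scan both. Returns (state_of_open_port, state_of_closed_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens here now
    try:
        results = scan("127.0.0.1", [open_port, closed_port])
        return results[open_port], results[closed_port]
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo_local_scan())  # ('open', 'closed')
```

A connect scan shows up in the target's application logs as an accepted connection; a SYN scan does not reach the application at all, which is the reason the half-open variant is preferred when the scan should be quiet. Against a remote host the "filtered" result is only meaningful with a timeout long enough for the network's real round trip.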
The File Transfer Protocol (FTP) uses which two ports? A. 10 and 20 B. 20 and 21 C. 21 and 22 D. 22 and 23
B. 20 and 21
A protocol analyzer places the computer’s network interface card (NIC) adapter into __________ mode. A. promiscuous B. full C. view D. real
A. promiscuous
Each of the following is a function of a vulnerability scanner except ___________. A. detect which ports are served and which ports are browsed for each individual system. B. alert users when a new patch cannot be found C. maintain a log of all interactive network sessions D. detect when an application is compromised
B. alert users when a new patch cannot be found
Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)? A. it only functions on Linux-based computers B. it attempts to standardize vulnerability assessments C. it has been replaced by XML D. it is a European standard and is not used in the Americas
B. It attempts to standardize vulnerability assessments
Which of the following is not true regarding a honeypot? A. it is typically located in an area with limited security B. it contains real data files because attackers can easily identify fake files C. it cannot be part of a honeynet D. it can direct an attacker’s attention away from legitimate servers
C. It cannot be part of a honeynet
Which of the following is true of vulnerability scanning? A. it uses automated software to scan for vulnerabilities B. the testers are always outside of the security perimeter C. it may disrupt the operation of the network or systems D. it produces a short report of the attack methods and value of the exploited data
A. it uses automated software to scan for vulnerabilities
If a tester is given the IP addresses, network diagrams, and source code of custom applications, then she is using which technique? A. black box B. white box C. gray box D. blue box
B. White box
If a software application aborts and leaves the program open - which control structure is it using? A. Fail-safe B. Fail-secure C. Fail-open D. Fail-right
C. Fail-open
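The fail-open and fail-safe cards earlier, and the question just above, describe the same design choice: what an access-control decision returns when the code that should make it fails. The added example below, which is not from the flashcards, simulates a policy back end that can time out and shows an authorization check written both ways. The users, resource and access list are constructed for illustration.

```python
class PolicyServiceUnavailable(Exception):
    """Raised when the (simulated) authorization back end cannot be reached."""

# Constructed access-control list standing in for a real policy store.
ACL = {("alice", "payroll"): True, ("bob", "payroll"): False}

def lookup_policy(user, resource, backend_up=True):
    """Consult the policy store. With backend_up=False it behaves like a timed-out service."""
    if not backend_up:
        raise PolicyServiceUnavailable("policy store timed out")
    return ACL.get((user, resource), False)

def authorize_fail_open(user, resource, backend_up=True):
    """Fail-open: an error in the control path is treated as permission. The decision errs
    toward availability, so an outage of the policy store grants access to everyone."""
    try:
        return lookup_policy(user, resource, backend_up)
    except PolicyServiceUnavailable:
        return True

def authorize_fail_secure(user, resource, backend_up=True):
    """Fail-safe (fail-secure): any error in the control path denies access. Unknown state
    is treated as 'no', at the cost of locking out legitimate users during the outage."""
    try:
        return lookup_policy(user, resource, backend_up)
    except PolicyServiceUnavailable:
        return False

if __name__ == "__main__":
    for backend_up in (True, False):
        print("backend up:", backend_up,
              "| bob via fail-open:", authorize_fail_open("bob", "payroll", backend_up),
              "| bob via fail-secure:", authorize_fail_secure("bob", "payroll", backend_up))
```

Fail-open is the right choice for some physical controls (a door that must unlock when the badge reader loses power so people can get out), which is why the question asks which structure a piece of software is using rather than which one is always correct. For access to data the default should be fail-secure, and the outage should be surfaced as an alert rather than silently turned into a grant.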
A record or list of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area.
Access List
A log that can provide details regarding requests for specific files on a system.
Access Log
Software that helps prevent computers from becoming infected by different types of spyware.
Anti-Spyware
Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus.
Anti-Virus (AV)
A log that can track user authentication attempts.
Audit Log
The second common type of security-related operating system logs (after security logs).
Audit Records
Spam filtering software that analyzes every word in an e-mail and, based on how frequently each word occurred in previously classified spam and legitimate messages, computes the probability that the message is spam.
Bayesian Filtering
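The card above describes the idea; the added example below (not from the flashcards) is a minimal naive Bayes filter showing how word frequencies in a training set turn into a spam probability for a new message. Each word shifts the log-odds by how much more often it appeared in spam than in legitimate mail; add-one smoothing keeps a never-seen word from zeroing the product. The six training messages are constructed for the demonstration.

```python
import math
import re
from collections import Counter

def tokenize(text):
    return re.findall(r"[a-z0-9$]+", text.lower())

class BayesianSpamFilter:
    """Naive Bayes over word counts for two classes, 'spam' and 'ham' (legitimate mail)."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.words[label].update(tokenize(text))
        self.docs[label] += 1

    def _word_prob(self, word, label):
        # P(word | label) with add-one (Laplace) smoothing over the combined vocabulary.
        vocab_size = len(set(self.words["spam"]) | set(self.words["ham"]))
        total = sum(self.words[label].values())
        return (self.words[label][word] + 1) / (total + vocab_size)

    def spam_probability(self, text):
        # Start from the prior odds (how much of the training set was spam), then add each
        # word's log likelihood ratio; the sigmoid turns log-odds back into a probability.
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])
        for word in tokenize(text):
            log_odds += math.log(self._word_prob(word, "spam")) - math.log(self._word_prob(word, "ham"))
        return 1.0 / (1.0 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) >= threshold

# Constructed training corpus.
SPAM_SAMPLES = [
    "free money claim your prize now",
    "win a free prize click here now",
    "cheap meds free shipping click",
]
HAM_SAMPLES = [
    "meeting moved to tuesday see agenda attached",
    "can you review the quarterly report before friday",
    "lunch tomorrow at noon",
]

def build_demo_filter():
    f = BayesianSpamFilter()
    for message in SPAM_SAMPLES:
        f.train(message, "spam")
    for message in HAM_SAMPLES:
        f.train(message, "ham")
    return f

if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ["claim your free prize now", "please review the attached agenda before the meeting"]:
        print("%.3f  %s" % (f.spam_probability(msg), msg))
```

Because the score is driven purely by word statistics, a sender who pads a message with words common in legitimate mail pulls the probability down (Bayesian poisoning), and a filter trained on too little data over-reacts to single words; production filters combine this signal with sender reputation, URL and header checks.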
A device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen.
Cable Lock
Using video cameras to transmit a signal to a specific and limited set of receivers used for surveillance in areas that require security monitoring.
Closed-Circuit Television (CCTV)
An attack that uses the user’s Web browser settings to impersonate the user.
Cross-Site Request Forgery (XSRF)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
Data Loss Prevention (DLP)
A door lock that extends a solid metal bar into the door frame for extra security.
Deadbolt Lock
Faults in a program that occur while the application is running.
Errors (Exceptions)
Logs that can document any unsuccessful events and the most significant successful events.
Event Logs
Securing a restricted area by erecting a barrier.
Fencing
Hardware or software that is designed to prevent malicious packets from entering or leaving computers.
Firewall (Packet Filter)
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.
Fuzz Testing (Fuzzing)
Using the Global Positioning System (GPS) to detect the location of a portable device.
GPS Tracking
Creating a virtualized environment to simulate the central processing unit (CPU) and memory of the computer to check for the presence of a virus.
Heuristic Detection
A firewall that runs as a program on a local system to protect it against attacks.
Host-Based Software Firewall
Software that addresses a specific customer situation and often may not be distributed outside that customer’s organization.
Hotfix
Verifying a user’s input to an application.
Input Validation
A secure storage unit that can be used for storing portable devices.
Locking Cabinet
A record of events that occur.
Log
A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and non-secure areas.
Mantrap
A general software security update intended to cover vulnerabilities that have been discovered.
Patch
Either a program or a feature incorporated within a browser that stops pop-up advertisements from appearing.
Pop-Up Blocker
A device that detects an emitted signal in order to identify the owner.
Proximity Reader
A technology that can remotely erase data from a portable device and reset it to its default factory settings.
Remote Wipe/Sanitation
A ruggedized steel box with a lock.
Safe
Logs that are considered the primary source of log data.
Security Logs
A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure.
Security Policy
Software that is a cumulative package of all security updates plus additional features.
Service Pack
A sequence of bytes (a string) found in the virus as a virus signature.
Signature File
Using encryption to mask the content of voice communication.
Voice Encryption
Heuristic detection is also known as __________.
Code Emulation
This AV scanning technique extracts a sequence of bytes (a string) found in the virus as the virus signature and scans the computer looking for a match.
String Scanning
This type of scanning allows skipped bytes or ranges of bytes as it looks for a match.
Wildcard Scanning
This type of scanning allows a set number of bytes in the string to be any value, regardless of their position in the string.
Mismatch Scanning
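The three signature-matching cards above (string, wildcard and mismatch scanning) are easiest to tell apart in code. The added example below, which is not from the flashcards, implements each against a constructed seven-byte signature and three constructed samples: a clean file, an infected one, and a variant that altered one byte inside the signature. The signature bytes are invented and correspond to no real malware.

```python
def string_scan(data, signature):
    """String scanning: the exact signature bytes must appear somewhere in the file."""
    return data.find(signature) != -1

def _match_at(data, pos, tokens, ti):
    """Recursive matcher for wildcard patterns. Items in tokens are:
       int       -> this exact byte
       None      -> any single byte (skipped byte)
       (lo, hi)  -> skip anywhere from lo to hi bytes before the next token (skipped range)"""
    if ti == len(tokens):
        return True
    tok = tokens[ti]
    if isinstance(tok, tuple):
        lo, hi = tok
        return any(pos + n <= len(data) and _match_at(data, pos + n, tokens, ti + 1)
                   for n in range(lo, hi + 1))
    if pos >= len(data):
        return False
    if tok is None or data[pos] == tok:
        return _match_at(data, pos + 1, tokens, ti + 1)
    return False

def wildcard_scan(data, tokens):
    """Wildcard scanning: a signature with don't-care bytes and skipped byte ranges."""
    return any(_match_at(data, start, tokens, 0) for start in range(len(data)))

def mismatch_scan(data, signature, max_mismatches):
    """Mismatch scanning: a window of the signature's length matches if at most
    max_mismatches of its bytes differ, wherever in the string those bytes fall."""
    n = len(signature)
    for start in range(len(data) - n + 1):
        window = data[start:start + n]
        mismatches = sum(1 for a, b in zip(window, signature) if a != b)
        if mismatches <= max_mismatches:
            return True
    return False

# Constructed signature and samples (not taken from any real malware).
SIGNATURE = bytes.fromhex("deadbeef9090c3")
CLEAN = b"\x55\x89\xe5" + b"hello, world" + b"\xc9\xc3"
INFECTED = b"\x00" * 8 + SIGNATURE + b"\x00" * 8
# A variant that flipped one byte (0x90 -> 0x91) inside the signature.
VARIANT = b"\x00" * 8 + bytes.fromhex("deadbeef9091c3") + b"\x00" * 8
# Wildcard form: fixed header, two don't-care bytes, 1 to 3 bytes of padding, fixed trailer.
WILDCARD = [0xDE, 0xAD, None, None, (1, 3), 0xC3]

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)]:
        print(name, "string:", string_scan(sample, SIGNATURE),
              "wildcard:", wildcard_scan(sample, WILDCARD),
              "mismatch<=1:", mismatch_scan(sample, SIGNATURE, 1))
```

Exact string scanning misses the variant; the wildcard and mismatch forms catch it. The trade-off is false positives: every don't-care byte or tolerated mismatch widens the set of benign files that can match, which is why engines pair loose signatures with restrictions on where in a file (entry point, specific section) they are allowed to fire.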
The residential lock most often used for keeping out intruders is the __________. A. privacy lock B. passage lock C. keyed entry lock D. encrypted key lock
C. keyed entry lock
A lock that extends a solid metal bar into the door frame for extra security is the ____________. A. deadman’s lock B. full bar lock C. deadbolt lock D. triple bar lock
C. deadbolt lock