2.3.2, 4.1.3, 2.3.3 Flashcards

1
Q

What is a buffer overflow vulnerability?

A

When a program writes more data to a buffer than it can handle, leading to the overflow of adjacent memory

2
Q

Which type of vulnerability occurs when a user or process gains unauthorized access to higher-level privileges?

A

Privilege Escalation

3
Q

What is the primary purpose of a Denial-of-Service (DoS) attack?

A

To overload a system with traffic, making it slow or unresponsive

4
Q

What is the term used to describe security flaws that are unknown to the software vendor and have no available patch?

A

Zero-Day Vulnerabilities

5
Q

Which type of attack occurs when a user injects commands or code into a web server to execute?

A

Command Injection

6
Q

SQL stands for:

A

Structured Query Language

7
Q

What is the primary purpose of Cross-site Scripting (XSS)?

A

To bypass access controls and impersonate users

8
Q

Which technology is subject to injection attacks when used for structuring data exchanged on the web?

A

XML

9
Q

What does Mobile Device Management (MDM) involve?

A

Administering mobile devices like smartphones and tablets

10
Q

Which deployment model allows employees to use their personal devices for work purposes?

A

Bring Your Own Device

11
Q

In the Corporate-Owned, Personally Enabled (COPE) deployment model, who maintains control over the device and its security?

A

The IT department

12
Q

What is the purpose of the Choose Your Own Device deployment model?

A

Employees choose their devices from a list provided by the company

13
Q

Which connection method is crucial for remote work and on-the-go connectivity, utilizing cellular data networks?

A

Cellular

14
Q

Where is Wi-Fi connection commonly used?

A

Corporate offices

15
Q

What is Bluetooth commonly used for?

A

File sharing and connecting peripherals

16
Q

What unique challenges do deployment models and connection methods address in a corporate environment?

A

Connectivity and security of mobile devices

17
Q

How do deployment models and connection methods work together in a mobile solution?

A

They address different aspects of mobile device management

18
Q

What are firmware vulnerabilities?

A

Security flaws in embedded software

19
Q

What is a potential consequence of exploiting firmware vulnerabilities?

A

Unauthorized access to the host system

20
Q

When does hardware reach its end-of-life (EOL)?

A

When the manufacturer stops providing support and updates

21
Q

What is a common vulnerability associated with legacy hardware?

A

Lack of modern security features

22
Q

How can organizations mitigate hardware vulnerabilities?

A

Regularly apply patches and updates to firmware

23
Q

What is a characteristic of VM escape vulnerability?

A

Unauthorized access to the host system from a virtual machine

24
Q

How can resource reuse vulnerabilities be mitigated?

A

Implementing strong isolation mechanisms between VMs

25
Q

What is a cloud-specific vulnerability?

A

Inadequate identity, credential, and access management

26
Q

How can organizations address inadequate network security in cloud environments?

A

Implementing network segmentation

27
Q

What is a potential consequence of misconfigurations in cloud environments?

A

Loss of customer trust