2C Flashcards

1
Q

A system or network can be thoroughly protected through various security measures, but all that security can be undone if an insecure application is installed. ___ ___ is ensuring the integrity of software.

A

Application security

2
Q

What does SDLC stand for?

A

Software Development Life Cycle

3
Q

The development process of an application is outlined in…?

A

SDLC

4
Q

SDLCs are divided into ___. The number and type of ___ depends on which SDLC model is used.

A

phases

5
Q

What are the common SDLC phases?

A
  1. Requirements Gathering and Analysis
  2. Design
  3. Implementation
  4. Testing
  5. Deployment
  6. Maintenance
6
Q

The following describes which phase of SDLC?

Before developing an application, developers need to know the requirements, that is, what the application is supposed to do.

A

Requirements Gathering and Analysis

7
Q

The following describes which phase of SDLC?

Design the application using the requirements given.

A

Design

8
Q

The following describes which phase of SDLC?

The application’s code gets written in this phase.

A

Implementation

9
Q

The following describes which phase of SDLC?

The code must be checked for functionality, that the application does what it’s designed to do. Developers should also input random invalid data into input fields to check for crashes, memory leaks, and other bugs. This process is known as fuzzing.

A

Testing

10
Q

The following describes which phase of SDLC?

This phase consists of installing the application on the production servers.

A

Deployment

11
Q

The following describes which phase of SDLC?

The software’s users provide feedback to the developers. Any problems that are reported are fixed.

A

Maintenance

12
Q

What are the two different types of SDLC models?

A
  1. Waterfall
  2. Agile
13
Q

The following describes which type of SDLC model?

In this model, each phase of development must be completed prior to passing on to the following phase. Backtracking is not permitted, because it is considered costly to do so. The phases of the ___ SDLC include requirements gathering, system design, implementation, testing, and maintenance.

A

Waterfall

14
Q

The following describes which type of SDLC model?

As opposed to the waterfall model, ____ allows backtracking as necessary. With ___, the development project is divided into smaller modules called sprints. Each sprint lasts approximately four weeks, after which the module is released and the next sprint begins. Each sprint contains all the phases of the ____ SDLC (plan, design, build, launch, review, and test).

A

Agile

15
Q

Best practices dictate that software developers provide ____ ____, ensuring that when data is entered into an application and buttons are pressed, the desired result happens. Ensure that no possible keyboard characters leave room for manipulation by hackers.

A

input validation

16
Q

Application ____ reduces security issues on a network by taking measures to prevent them in the first place.

A

hardening

17
Q

What are some of the most common application vulnerabilities?

A
  1. Peer to Peer File Sharing
  2. ActiveX Controls
  3. Cookies
  4. Scripting
  5. Cross Site Scripting
18
Q

The following describes which application vulnerability?

Files such as music, videos and software can be shared online between users using _____ applications, such as BitTorrent. This is a common method of transmitting malicious code.

A

Peer to Peer File Sharing

19
Q

The following describes which application vulnerability?

Web sites and applications using ___ ___ can manipulate a system, obtaining full system access and potentially exploiting security vulnerabilities. On a Microsoft Internet browser, a user might be prompted to agree to run ___ ___. This practice should be discouraged.

A

ActiveX Controls

20
Q

The following describes which application vulnerability?

Web sites store ___ (small text files) on client computers that contain user preferences and logon information. If the text file is accessed by someone else, they can see the information in it. HTTP traffic is unencrypted and can be intercepted.

A

Cookies

21
Q

The following describes which application vulnerability?

Recall from Unit 1, Risks, Threats, and Vulnerabilities, that a ___ is a list of commands to be performed by a program or scripting engine. ____ are used to automate processes on a computer and for generating web pages. This creates an application security issue because ____ can make modifications to a system without user input.

A

Scripting

22
Q

The following describes which application vulnerability?

_____ (XSS) is a common attack that uses JavaScript to inject malicious code into a web application. XSS can compromise user accounts, activate Trojan horse programs, mislead users into revealing private data, and enable a perpetrator to steal session cookies to impersonate users. In _____ (XSS), remember that hackers can inject malicious code into websites.

A

Cross-site scripting (XSS)

23
Q

What are the four Application Vulnerability Prevention Techniques?

A
  1. Apply software patches
  2. Application configuration baseline
  3. Application hardening
  4. Cross-site request forgery prevention
24
Q

The following describes which application vulnerability prevention technique?

In addition to input validation, application security best practices dictate that any software being used should be kept up to date with the most current security patches to remove vulnerabilities. This includes both applications and operating systems.

A

Apply software patches

25
Q

The following describes which application vulnerability prevention technique?

The software that your network uses should be configured with security in mind. Any options that can be modified to make the application more secure should be done if the necessary functionality is not impeded.

A

Application configuration baseline

26
Q

The following describes which application vulnerability prevention technique?

Any features of applications that are not necessary should be disabled for users.

A

Application hardening

27
Q

The following describes which application vulnerability prevention technique?

Websites may contain code that references another web page that takes the user’s unexpired cookies for authentication. “Remember Me” should be denied by users in the browser to avoid this. Developers should set cookies to expire quickly.

A

Cross-site request forgery prevention

28
Q

___ data puts the information in an unreadable format until an authorized person decrypts the data, which places it back into cleartext (a readable format).

A

File encryption

29
Q

Files can be encrypted at two levels—either encrypt the file in ___ or encrypt the file while it is in ___ from one location to another.

A

storage
transit

30
Q

The benefit of encrypting the file in storage is this: if hackers can get physical access to the system, they can normally bypass the permissions set by the system. If you encrypt data in storage and a hacker somehow circumvents the permissions, you still ensure that the data is ____.

A

unreadable

31
Q

When encrypting information in transit, you typically encrypt the communications channel between the two systems; that is, all data that runs through the communication channel is encrypted and so is the tunnel it is traveling through. By encrypting the information in transit, you ensure that someone who taps into the communication cannot…?

A

read the information they have tapped into

32
Q

An ___ detects suspicious activity on a host or a network, logs it, and alerts system or network administrators.

A

IDS

33
Q

What does IDS stand for?

A

Intrusion Detection System

34
Q

____ monitor hosts or networks for suspicious activity and take corrective action.

A

IPS

35
Q

What does IPS stand for?

A

Intrusion Prevention System

36
Q

IDSs and IPSs can be either host-based (HIDS/HIPS) or ____ (NIDS/NIPS).

A

network based

37
Q

A host-based intrusion detection system displays notifications within the application (or sends them to a designated email address). You review the notification events to identify any suspicious activity on the system. When looking at the output, review the date and time of the event, the source of the event, and the account that caused the event to occur. Using this information, you can decide whether a configuration change is needed. Host-based intrusion prevention systems actively protect the host by ___ ___.

A

stopping attacks