Application Data & Host Security Flashcards

1
Q

You suspect that your server has been compromised because it has been running slow and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?

A. The server has a rootkit installed.
B. The server requires an operating system update.
C. The server is infected with spyware.
D. The server is part of a botnet.

A

D. If your system has been infected with a worm or virus and has become part of a botnet, at certain times it may take part in distributed denial-of-service attacks on another system on the Internet and may exhibit slow responsiveness and a large amount of network data being sent out of the system.

2
Q

As part of your security baselining and operating system hardening, you want to make sure you protect yourself from vulnerabilities in your operating system software. Which of the following tasks should you perform?

A. Update antivirus signature files.
B. Install any patches or OS updates.
C. Use an encrypted file system.
D. Use a host-based intrusion detection system.

A

B. The most recent software updates and patches for your operating system will contain the latest bug and exploit fixes. This prevents known bugs and weaknesses in the operating system from being exploited.

3
Q

You suspect that your server has been infected with a rootkit malware program. Which of the following actions would be most effective at removing the rootkit software?

A. Install antispyware software.
B. Disable the BIOS of the computer system and reboot.
C. Install the latest operating system update patch.
D. Reinstall the operating system.

A

D. The most effective way to remove a rootkit is to reinstall the operating system. Simply running antivirus or antispyware software might not remove embedded rootkit files that can be hidden from security software.

4
Q

A user has brought a virus-infected laptop into the facility. It contains no antivirus protection software and hasn’t been hooked up to the network yet. What’s the best way to fix the laptop?

A. Get the laptop on the network and download antivirus software from a server.
B. Boot the laptop with an antivirus boot CD.
C. Get the laptop on the network and download antivirus software from the Internet.
D. Connect the laptop to another computer and clean it up from there.

A

B. If a computer is infected with a virus, do not connect it to a network or you run the risk of the virus infecting other computers and servers. Use an antivirus program on a boot CD to clean the virus off the laptop before connecting it to the network.

5
Q

You are creating a standard security baseline for all users who use company mobile phones. Which of the following is the most effective security measure to protect against unauthorized access to the mobile device?

A. Enforce the use of a screen lock password.
B. Enable the GPS chip.
C. Install personal firewall software.
D. Automatically perform a daily remote wipe.

A

A. To prevent unauthorized access to the device in the event it is lost or stolen, you can enable a screen lock password. The user will not be able to access the device until he enters the password.

6
Q

Your network has had a history of problems with users downloading software from the Internet that contains Trojan horse software with back-door access. Which of the following security mechanisms will help detect Trojan horse software activity?

A. Antispam software
B. Pop-up blocker
C. Host firewall software
D. Adware detection

A

C. A host-based firewall software program can detect abnormal network activity and alert the user that network connections are trying to send data outbound from your system.

7
Q

A security patch for your OS was released about a week after you applied the latest operating system service pack. What should you do?

A. Wait until the release of the next full service pack.
B. Download the patch only if you experience problems with the OS.
C. Do nothing—the security patch was probably included with the service pack.
D. Download and install the security patch.

A

D. Even though you just installed the latest service pack, a security vulnerability might have recently been discovered, requiring that you install a new security patch. You will not be protected from the vulnerability if you do not install the security patch, and it might be too dangerous to wait for it to be included in the next service pack.

8
Q

Your application firewall is indicating that some type of HTTP worm is trying to infect one of your database servers, which also seems to be running an HTTP web server on port 80. This server does not need any type of web services. What should be done?

A. Install antivirus software.
B. Change the web server to use a different port.
C. Disable the web server.
D. Update your firewall software to the latest version.

A

C. Any application or service that is not needed by the server should be disabled or uninstalled. Leaving services enabled, such as a web server, could make the server vulnerable to web server attacks, including HTTP-based worms.

9
Q

To protect the confidentiality of web user browsing history and web site credentials, which of the following security baseline policies should you enable for all user web browsers?

A. Block third-party cookies.
B. Periodically delete the browser cache.
C. Enforce SSL.
D. Disable JavaScript.

A

A. Third-party cookies are typically from advertising sites not related to the specific site you are browsing. By blocking these cookies, you will protect any identifying information in your web browsing history from being leaked to third-party companies.

10
Q

You have recently installed antivirus software on several client workstations and performed a full scan of the systems. One of the systems was infected with a virus less than an hour after the installation of the software. Which of the following is the most likely issue?

A. The virus was already pre-existing on the system.
B. Antivirus signatures need to be updated.
C. The virus could only be blocked by a pop-up blocker.
D. Operating system software was out of date.

A

B. Your antivirus software is installed with a default database of virus signatures. It may be several months out of date, and it is a best practice to immediately run the signature file update to make sure you are running with the latest signatures, or else it may miss detecting a newly identified virus.

11
Q

Your e-mail server has been listed on a spam black list because a large amount of spam is being relayed through it. Which of the following actions should you take?

A. Enable SMTP relay.
B. Use an antispam filter.
C. Disable SMTP relay.
D. Use SMTP relay authentication.

A

D. By using authenticated SMTP relay, you allow only authorized mail servers and clients to connect to your e-mail server to send and relay messages.

12
Q

You are implementing input validation for a web application that connects to a back-end database. Which of the following techniques can you use to ensure your input validation is working properly?

A. Testing input of known valid characters
B. Fuzzing
C. Escaping out command characters
D. SQL injection

A

B. Fuzzing is a testing technique that enters random, unexpected character sequences into application input forms to test how well they validate input. Fuzzing makes sure that all types of input data are tested to make sure they don’t crash your application, or cause exceptions that lead to security vulnerabilities.

13
Q

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which of the following types of vulnerabilities would this application be susceptible to?

A. Buffer overflow
B. Session hijacking
C. Cross-site scripting
D. Directory traversal

A

D. Directory traversal is a vulnerability that allows an attacker who knows the details of an application server’s directory tree to manually traverse the directory using input commands in the URL location bar or input forms in the application. Error messages should never display the full paths of files, to prevent hackers from discovering the directory structure.

14
Q

Your web application currently checks authentication credentials from a user’s web browser cookies before allowing a transaction to take place. However, you have had several complaints of identity theft and unauthorized purchases from users of your site. Which of the following is the most likely cause?

A. Cross-site scripting
B. Session hijacking
C. Header manipulation
D. Lack of encryption

A

B. Session hijacking occurs when a malicious hacker is able to access your session cookie and then use the session information to make unauthorized requests as the target user.

15
Q

To protect your users while web surfing, you create a web browser configuration baseline that will be applied to all of your users in your organization. Which of the following components should you block by default?

A. Unsigned ActiveX controls
B. JavaScript
C. Search engines
D. Web browsing history

A

A. Although ActiveX controls are required for many web sites to run correctly, you should never allow users to download unsigned ActiveX controls. If they are not properly signed and authenticated, they are most likely malicious.

16
Q

As part of your application hardening process, which of the following activities helps to prevent existing vulnerabilities in applications from being exploited?

A. Exception handling
B. Fuzzing
C. Updating to the latest software version or patch
D. Escaping

A

C. Application vendors will release updated software versions of their product or provide a security patch to resolve any security vulnerabilities in previous versions of the software. It is a best practice to always keep your application software up-to-date.

17
Q

An executive is traveling with his laptop computer to a conference. The contents of his laptop contain very confidential product information, including development specifications and product road maps. Which of the following techniques can be implemented to protect the confidentiality of the data on the laptop?

A. Make sure all software is up to date.
B. Password-protect the laptop BIOS.
C. Move the confidential documents to a USB key.
D. Encrypt the hard drive using a TPM.

A

D. A trusted platform module (TPM) allows the contents of the hard drive to be encrypted with encryption keys that are stored on the TPM chip, which can only be accessed by the end user. This prevents an unauthorized user from accessing the hard drive contents of equipment.

18
Q

You have had several instances of product development plans for your company being leaked to other, rival companies. Which data loss prevention technique can you use to prevent these documents from leaving your organization’s networks?

A. Use secure FTP for file transfers.
B. Block access to file sharing web sites.
C. Use a content filter to block development documents from being sent outbound.
D. Use a network firewall to block outbound connections to rival companies.

A

C. Using a content filter on your outbound traffic, you can detect and block development documents that are being sent outbound via e-mail attachments, IM file transfers, FTP, and web uploads.

19
Q

You are implementing a web application that communicates to a back-end database server that stores data for the web site. Which of the following hardening techniques can you use to help protect against SQL injection attacks?

A. Input validation
B. Fuzzing
C. Database encryption
D. Configuration baseline

A

A. To help prevent insertion of database commands into your web application input fields, you can require strong input validation to make sure that SQL commands cannot be passed on to the back-end database server.

20
Q

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?

A. Session hijacking
B. Buffer overflow
C. Privilege escalation
D. XML injection

A

B. Buffer overflows are caused primarily by poor input validation that allows illegal data to be entered into the application, causing processing limits to be exceeded.

21
Q

You have been tasked with applying a highly secure security template to one of the new servers. What is a security template an example of?

A. Patch management
B. Security auditing
C. Configuration baseline
D. Input validation

A

C. Configuration baseline

22
Q

Which technology will prevent users from receiving unsolicited e-mails?

A. Host firewall
B. Anti-virus
C. Pop-up blocker
D. Anti-spam

A

D. Anti-spam

23
Q

Which of the following describes a TPM?

A. A hashing function used to verify data integrity
B. A hardware chip used to store cryptographic keys
C. It maps multiple private IP addresses to a single public IP address
D. A method of concealing data within data

A

TPM - Trusted Platform Module

B. A hardware chip used to store cryptographic keys

24
Q

What can you do to ensure that the data on your Windows Mobile device cannot be accessed if your storage card is stolen?

A. Use mobile encryption
B. Password protect your phone
C. Use voice encryption
D. Perform a remote wipe

A

A. Use mobile encryption

25
Q

What is fuzzing?

A

A software testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting massive amounts of random data, called fuzz, into the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer) indicates potential causes.

26
Q
What can an attacker use to identify vulnerabilities in an application?
(A) Protocol analyzer
(B) Port scanner
(C) Fuzzing
(D) IPS
A

C

27
Q
An organization recently created a security policy. Of the following choices, what is a technical implementation of security policy?
(A) Training
(B) Acceptable use acknowledgement
(C) Implicit deny rule in a firewall
(D) Job rotation
A

C

Firewall rules (including the implicit deny rule) provide a technical implementation of security policies. The others are controls.

28
Q

What is HIDS ?

A

A host-based intrusion detection system (HIDS) can detect attacks (including successful attacks resulting in compromises) on local systems such as workstations and servers.

29
Q

A forensic expert created an image copy of a hard drive and created a chain of custody. What does the chain of custody provide?
(A) Confidentiality of the original data
(B) Documentation on who handled the evidence
(C) Verification of integrity with a hash
(D) Proof that the image wasn’t modified

A

B

Chain of custody shows who handled the evidence

30
Q

A website prevents users from using the less than character (

A

B
Web developers reduce cross-site scripting attacks with input validation and filtering out hypertext and JavaScript tags (using characters).

31
Q

An attacker acting as an online merchant uses an end user's details to fraudulently purchase products from a manufacturer. What type of attack is this?

A. Buffer overflow
B. Command injection
C. Privilege escalation
D. Transitive access

A

D

32
Q

An attacker injects information into a response header, which is sent by the user to a server. The server then displays the content, which overlays a web page with a false resource. What type of attack is this?

A. Directory traversal attack
B. Privilege escalation
C. HTTP header manipulation attack

A

C

33
Q

What is an XSRF attack?

A

In cross-site request forgery (XSRF), the attacker targets applications that use cookies holding stateful information used for authentication or session tracking on a targeted trusted site. The attacker may embed an image or send an e-mail that invokes an action such as requesting a new PIN. The client thus sends an unauthorized request to the server.

34
Q

What is a Transitive attack?

A

Middle man is used to authorize a request and the request is intercepted and modified.

35
Q

What is privilege escalation attack?

A

Attackers seek to gain unauthorized permissions. They may run malicious code with escalated privileges.

36
Q

What is a CRLF or HTTP Response Splitting attack?

A

This is an attack where a malicious URI is injected into the HTTP header. A user then sends the request to the server, which processes it. If the server does not detect any problems, it returns an HTTP response with the content indicated by the attacker’s URI.

37
Q

List the 3 primary buffer overflow attacks

A

1. Stack overflow - changes the return address in the stack
2. Heap overflow - variables are cleared or manipulated
3. Array index overflow

38
Q

What are the two types of XSS (cross-site scripting) attacks?

A

Persistent - stored in backend (DB)

Non-persistent - user/session based