application defense II

Question 1

unwanted and unsolicited emails is called

Answer 1

span

Question 2

a email server that accepts mail and forwards it to other mail servers

Answer 2

open SMTP relay

Question 3

a email pretending to be from a trusted organization asking to verify personal information and send money

Answer 3

phishing

Question 4

To secure e-mail, use either

Answer 4

secure multipurpose internet mail extensions (S/MIME)

pretty good privacy (PGP)

Question 5

the process of preventing exploitation of vulnerabilities in software applications

Answer 5

application hardening

Question 6

this application hard technique prevents spawning in a application and will not be able to perform process spawning attack.

Answer 6

Block process spawning

Question 7

this application hard technique prevents executable files from modification by removing the write permissions given to applications

Answer 7

Control access to executable files

Question 8

this application hard technique prevents sensitive file system by removing write permissions given to specific applications

Answer 8

Protect OS components

Question 9

this application hard technique allow an administrator to bypass a specific hardening rule when an application has a legitimate need

Answer 9

use exceptions rules

Question 10

this application hard technique allows an administrator to identify potentially vulnerable applications and identify if an application is being exploited.

Answer 10

monitor logs

Question 11

a security feature prevents damages to your computer from viruses and other security threats

Answer 11

uses data execution prevention

Question 12

this application hard technique applies to third-party application hardening

Answer 12

Implement third-party applications hardening tools

Question 13

a type of spam targeting of instant messaging (IM) services

Answer 13

spim

Question 14

software implemented on a computer that executes programs like a physical machine.

Answer 14

virtual machine

Question 15

a file created on a operating system and simulates a hard disk for the virtual machine.

Answer 15

virtual hard disk drive

Question 16

a thin layer of software that allows virtual machines to interact with the hardware without going through the host operating system.

Answer 16

hypervisor

Question 17

this attack occurs when software is downloaded and installed without explicit consent

Answer 17

drive by download

Question 18

this attack occurs when an attacker registers a domain names that correlate the common typographical errors made by users

Answer 18

URL hijacking

Question 19

this attack occurs when a variation of phishing attack are being directed at a specific organization or person

Answer 19

watering hole

Question 20

this attack occurs when the operating system or application does not properly enforce boundaries for how much and what type of data can be imputed

Answer 20

buffer overload

Question 21

this attack occurs when a computational operation by a running process results in a numeric value that exceeds the max size of the integer type used to store in memory

Answer 21

integer overflow

Question 22

this attack injects script into web pages

Answer 22

cross site scripting

Question 23

this attack occurs when unauthorized commands are transmitted from a user to a Web site that currently trusts the user

Answer 23

Cross-site Request Forgery ((CSRF/XSRF)

Question 24

this attack uses malicious content in an XML message to alter the intended logic of the application.

Answer 24

XML injection