Ch 1 - National Security Assessment

Question 1

Warez

Answer 1

Pirated Media

Question 2

IIASA

Answer 2

International Institute of Applied System Analysis

Question 3

Defender’s Dilemma

Answer 3

a defender must ensure the integrity of an entire system, but an attacker only needs to exploit a single flaw.

Question 4

Zero-day exploits

Answer 4

cyber attack targeting a software vulnerability which is unknown to the software vendor or to antivirus vendors

Question 5

MITM

Answer 5

Man in the middle attack

Question 6

XXE

Answer 6

XML external entity (XXE) parsing - used toattack Web Applications

Question 7

Shellshock

Answer 7

Vulnerability in Unix bash

Question 8

Static Analysis

Answer 8

Auditing application source code, server configuration, infrastructure configuration, and architecture

Question 9

EAL4

Answer 9

Evaluation Assurance Level 4 - methodically
designed, tested, and reviewed

Question 10

NIST

Answer 10

National Institute of Standards and Technology

Question 11

DISA

Answer 11

Defence Information Systems Agency

Question 12

OWASP

Answer 12

Open Web Application Security Project - list of common
web application flaws

Question 13

XXS

Answer 13

Cross-site scripting

Question 14

CSFR

Answer 14

Cross-site script forgery

Question 15

Attack surfaces?

Answer 15

Client software, Server software, Web application