Chapter 10 Flashcards

1
Q

What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it?

A

input validation

3
Q

The AccessFileName directive in Apache, along with a configuration file (such as .htaccess), can be used to perform which of the following on a Web site?

A

Restrict directory access to those with authorized user credentials.

4
Q

Which of the following is an alternative term used when referring to Application Security?

A

AppSec

5
Q

Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

A

SQLOLEDB

6
Q

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

A

injection

7
Q

What tag is used to indicate ASP code?

A
8
Q

What is the specific act of checking a user’s privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

A

authorization

9
Q

HTML Web pages containing connection strings are more vulnerable to attack. True or False?

A

True

10
Q

Web servers use which of the following elements in an HTML document to allow an individual to submit information to the Web server?

A
11
Q

Entering the value OR 1=1 in a Web application that has an “Enter Your PIN” field is most likely an example of which attack?

A

SQL injection

12
Q

If a Web server isn’t protected, an attacker can gain access through remote administration interfaces. True or False?

A

True

13
Q

OLE DB relies on connection strings that enable the application to access the data stored on an external device. True or False?

A

True

14
Q

Which of the following can be used to connect a Web server to a back-end database server? (Choose all that apply.)

A

OLE DB
ADO
ODBC

15
Q

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

A

cgi-bin

16
Q

Which of the following vulnerabilities occur when untrusted data is accepted as input to an application without being properly validated?

A

injection vulnerability

17
Q

Adobe Systems' ColdFusion uses its proprietary tags, which are written in which of the following languages?

A

CFML

18
Q

CGI is used in Microsoft ASP pages. True or False?

A

False

19
Q

Which of the following application tests analyzes an application’s source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

A

Static Application Security Testing

20
Q

CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN. True or False?

A

True

21
Q

Which specific type of tag do all CFML tags begin with?

A

CF

22
Q

Which JavaScript function is a “method” or sequence of statements that perform a routine or task?

A

getElementById()

23
Q

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

A

OLE DB

24
Q

A user can view the source code of a PHP file by using their Web browser’s tools.

A

False

25
Q

IIS is used on more than twice as many Web servers as Apache Web Server. True or False?

A

False

26
Q

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?

A

Microsoft Security Bulletin

27
Q

What is authorization testing?

A

Testing an application’s access control mechanisms to ensure only users who should have access to resources do

28
Q

An HTML Web page containing ASP code must be compiled before running. True or False?

A

False

29
Q

Which of the following is an open-source technology for creating dynamic HTML Web pages?

A

PHP

30
Q

Which of the following is the interface that determines how a Web server passes data to a Web browser?

A

CGI

31
Q

What tags identify ColdFusion as the scripting language?

A

The letters CF
