Chapter 7 - Host, Data and Application Security Flashcards
What is the most common language used to speak to databases?
page 216
Structured Query Language (SQL)
In what model do the database and the application exist on a single system?
page 216
One-Tier Model or Single-Tier Model
In what tiered system model does the client workstation or system run an application that communicates with a database running on a different server?
page 217
Two-Tier Model
Which tiered system model effectively isolates the end user from the database by introducing a middle-tier server?
page 217
Three-Tier Model
What is NoSQL?
page 217
A database that is not relational and does not use SQL.
What is a SAN?
page 218
Storage Area Network
A separate network set up to appear as a server to the main organizational network.
What is a technique of providing unexpected values as input to an application in order to make it crash?
page 218
Fuzzing
What is the best way to prevent fuzzing?
page 218
Validate all input to ensure that it is of the expected type.
What is OWASP?
page 219
A voluntary group dedicated to forming secure coding practices for web-based applications as well as mobile and client applications, along with back-end design issues.
What are the CERT Secure Coding Standards?
page 219
Computer Emergency Response Team
They cover many of the same issues as OWASP, but they also have complete language-specific standards for Java, Perl, C and C++.
What are the three types of operating system patches?
page 220
- Hotfix
- Patch
- Service Pack
What are the different permissions?
page 220
- Full Control
- Modify
- Read & Execute
- Read
- Write
What are some actions you should take to keep safe from Malware?
page 221
- Install antivirus software
- Install antispam filters
- Install antispyware software
- Use pop-up blockers
- Use host-based firewalls
- Use host-based IDS
A _____ _______ defines the level of security that will be implemented and maintained.
page 226
Security Baseline
What types of Backups are there?
page 233
- Full
- Differential
- Incremental
What is a Differential Backup?
page 233
All changes since the last full backup are archived.
What is an Incremental Backup?
page 233
All changes since the last backup of any type are archived.
What is RAID 3 or 4?
page 234
This RAID level uses one dedicated disk to store parity information. The storage capacity of the array is reduced by one disk (the one used for parity). If a disk fails, only part of the data is lost; the data remaining on the other disks, along with the parity information, allows the lost data to be recovered.
What is RAID 6?
page 234
This RAID level combines four or more disks in a way that protects data against the loss of any two disks. It accomplishes this by adding an additional parity block to RAID 5. Each of the parity blocks is distributed across the drive array so parity is not dedicated to any specific drive.
What is RAID 1+0 (or 10)?
page 234
“Stripe of Mirrors”: requires a minimum of 4 drives, 2 mirrored drives to hold half of the striped data plus another 2 mirrored drives for the other half of the data.
What is RAID 0+1?
page 235
“Mirror of the Stripes”
This RAID level is the opposite of RAID 1+0: here the stripes are mirrored. The array requires a minimum of 4 drives, with 2 mirrored drives replicating the data on the RAID 0 array.