Chapter 7 - Host, Data and Application Security Flashcards

1
Q

What is the most common language used to speak to databases?

A

page 216

Structured Query Language (SQL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What kind of database and application exist on a single system?

A

page 216

One-Tier Model or Single-Tier Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In what tiered system model, does the client workstation or system runs an application that communicates with the database that is running on a different server.

A

page 217

Two-Tier Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In what tiered system model effectively isolates the end user from the database by introducing a middle-tier server.

A

page 217

Three-Tier Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is NoSQL?

A

page 217

Is not a relational database and does not use SQL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a SAN?

A

page 218
Storage Area Network
Is a separate network set up to appear as a server to the main organizational network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a technique of providing unexpected values as input to an application in order to make it crash?

A

page 218

Fuzzing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the best way to prevent Fuzzing is…

A

page 218

Is to validate all input to ensure that input is of expected type.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is OWASP?

A

page 219
Is a voluntary group dedicated to forming secure coding practices for web-based applications as well as mobile and client applications along with back-end design issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is CERT Secure coding Standards?

A

page 219
Computer Emergency Response Team
Cover many of the same issues as OWASP, but they also have complete language-specific standards for Java, Perl, C and C++.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the three types of operating system patches?

A

page 220

  • Hotfix
  • Patch
  • Service Pack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the different permissions?

A

page 220

  • Full Control
  • Modify
  • Read & Execute
  • Read
  • Write
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are some actions you should take to keep safe from Malware?

A
page 221
Install antivirus software
Install antispam filters
Install antispyware software
Use pop-up blockers
Use host-based firewalls
Use host-based IDS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A _____ _______ defines the level of security that will implemented and maintained.

A

page 226

Security Baseline

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What types of Backups are there?

A

page 233

  • Full
  • Differential
  • Incremental
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is a Differential Backup?

A

page 233

All changes since the last full backup are archived.

17
Q

What is an Incremental Backup?

A

page 233

All changes since the last backup of any type are archived.

18
Q

What is RAID 3 or 4?

A

page 234
The RAID uses one dedicated disk to store parity information. The storage capacity of the array is reduced by one disk (the one used for parity). If a disk fails, that is only a partial loss of data. The data remaining on the other disks, along with the parity information allows data to be recovered.

19
Q

What is RAID 6?

A

page 234
This RAID level combines four or more disks in a way that protects data against the loss of any two disks. It accomplishes this by adding an additional parity block to RAID 5. Each of the parity blocks is distributed across the drive array so parity is not dedicated to any specific drive.

20
Q

What is RAID 1+0 (or 10)?

A

page 234
“Stripe of Mirrors”, requires a minimum of 4 drives, 2 mirrored drives to hold half of the striped data, plus another 2 mirrored drives for the other half of the data.

21
Q

What is RAID 0+1?

A

page 235
“Mirror of the Stripes”
This RAID level is the opposite or RAID 1+0, Here the stripes are mirrored. Array requires a minimum of 4 drives, 2 mirrored drives to replicate the data on the RAID 0 array.