Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security + 501 - FHSU - Feb 3 - 13 > Domain 1.6 - Explain the impact associated with types of vulnerabilities. > Flashcards

Domain 1.6 - Explain the impact associated with types of vulnerabilities. Flashcards

1
Q

Embedded systems

A

These can be chips within Internet of Things (IoT) devices or controllers in manufacturing equipment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Improper Input Handling

A

Poorly handled input is a leading cause behind critical vulnerabilities that exist in systems and applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Improper Error Handling

A

The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user or attacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Misconfiguration/Weak Configuration

A

This can be as simple as failing to change default settings or default passwords. Can be a matter of not having the appropriate training.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Default Configuration

A

In many cases this is one of the easiest vulnerabilities to exploit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a form of Denial-of-Service attack where you make a system continuously allocate additional resources until the system hangs or crashes?

A

Resource Exhaustion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is typically the weakest point in an organizations security posture?

A

Untrained Users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Name a vulnerable business process.

A

Failure to perform background checks properly or to verify vendors is a vulnerability.

Acquiring software from suspect sources is a vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

802.11i pertains to one thing for the test.

A

WPA2 - which is a form of encryption for wireless.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Memory leak

A

It would not release the RAM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Buffer overflow

A

Someone is trying to send too many packets or too large of packets to your network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

System Sprawl

A

As the network grows, it becomes more difficult to track all the equipment and software on the network. This can lead to undocumented assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Zero Day

A

An exploit that has yet to be patched. whether exploited or not.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Denise is testing an application that is multithreaded. Which of the following is a specific concern for multithreaded applications?

A. Input validation
B. Memory overflow
C. Race conditions
D. Unit testing

A

C. Race conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A user downloaded and installed a new software application from a questionable source that resulted in the installation of a Trojan Horse. What vulnerability is MOST likely?

A. Business Process
B. Weak Encryption Cypher
C. Race conditions
D. Faulty Network Design

A

A. Business Process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Security + 501 - FHSU - Feb 3 - 13 (39 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions