Domain 7: Systems and App Security

Question 1

Pointer overflow attack

Answer 1

Similar to buffer overflow. Attackers uses Buffer OF techniques to change it to point to malicious code.

Question 2

Directory transversal

Answer 2

Web attack to jump to higher level directories on web server.

Question 3

Covert Channel

Answer 3

Any non-standard means of communication

Question 4

SQL Escape Characters

Answer 4

Attacker uses as part of an attack script in web form field.

Question 5

File infecting virus

Answer 5

Attacks executables

Question 6

Stealth virus

Answer 6

Masks itself as another type of program to avoid detection

Question 7

Retrovirus

Answer 7

Attacks AV

Question 8

Multipartite virus

Answer 8

Attacks different parts of the host such as boot sector, exe’s, and apps.

Question 9

File extension attack

Answer 9

Using a long file name to hide a double extension

Question 10

Pharming

Answer 10

Social engineering attack. Attack on hosts file or DNS server

Question 11

Rogue SW

Answer 11

Trojan that works like ransomware

Question 12

Retina

Answer 12

Vuln scanning SW like Nessus

Question 13

System-key utility

Answer 13

Defense against windows based password cracking.

Question 14

Centralized Application management (CAM)

Answer 14

Virtual Desktops, SaaS

Question 15

COPE

Answer 15

Corporate Owned Personally Enabled

Question 16

DED

Answer 16

Dedicated computing device. aka IOT

Question 17

Private cloud

Answer 17

Internal network with Virtualization benefits

Question 18

Managed File Transfer (MFT)

Answer 18

Transfer of data to, from, in between clouds securely and reliably regardless of data file size.

Question 19

Erasure coding

Answer 19

Parity system for cloud. aka Data dispersion

Question 20

Cloud storage-level encryption

Answer 20

Encryption w/ keys managed by vendor

Question 21

Volume storage encryption

Answer 21

Cloud storage with keys managed by data admin.

Question 22

Data haven

Answer 22

Data friendly storage with low regulation/law. Could be TOR

Question 23

Directive 95/46 EC

Answer 23

Predecessor to GDPR. Non-Binding

Question 24

GDPR

Answer 24

Unify protections in 28 EU countries. Affects data transfer, accountability, sanctions

Question 25

Data Protection Impact Assessments (DPIA)

Answer 25

Evaluation of “privacy by default” policy

Question 26

Pretexting

Answer 26

Obtaining info through false pretenses

Question 27

MapReduce and Hadoop

Answer 27

Methodologies of processing very large DB’s in parallel

Question 28

Data owner vs. Information owner

Answer 28

Data owner controls data on the input side. Info owner assumes control on the output side

Question 29

JeOS

Answer 29

Just Enough Operating System. For virtual appliances

Question 30

Host clustering

Answer 30

Host machines are logically or physically to share resources

Question 31

Storage clustering

Answer 31

Servers managed and interconnected together for performance, reliability, capacity boost.

Question 32

Loose coupled cluster

Answer 32

Storage cluster with JBOD

Question 33

Tight coupled cluster

Answer 33

Storage cluster provided by manufacturer.