Host, Data, and Application Security Flashcards
Which of the following terms refers to the process of establishing a standard for security?
Baselining
Security evaluation
Hardening
Baselining
Baselining is the term for establishing a standard for security
You’ve been chosen to lead a team of administrators in an attempt to increase security. You’re currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a network operating system (NOS)?
Common criteria
Hardening
Encryption
Hardening
Hardening is the process of improving security in a network operating system, or any operating system
John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him?
Unit testing
Stress testing
Fuzzing
Fuzzing
Fuzzing is testing by feeding malformed, random, or otherwise unexpected data to an application and observing how it responds (crashes, hangs, unhandled exceptions)
Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration?
Normalization
Input validation
Fuzz testing
Normalization
Normalization (organizing tables so that each fact is stored once, without redundant or inconsistent data) is one of the most fundamental aspects of database configuration
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?
DLP
Fuzzing
Stress testing
Fuzzing
This is fuzzing or fuzz testing
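Both fuzzing cards above describe the same technique, so here is one added worked example (written for these flashcards, not taken from any exam or textbook) showing what a minimal mutational fuzzer actually does. The target, `parse_record`, is a constructed toy parser for a length-prefixed record that trusts its length byte; the fuzzer mutates a valid seed record and separates graceful rejections (`ValueError`) from real crashes (any other exception). A bounds-checked `parse_record_safe` is included so you can see the fuzzer go quiet once the bug is fixed. All names and the record format are assumptions for illustration.

```python
import functools
import operator
import random


def xor_bytes(b: bytes) -> int:
    """XOR of all bytes; used as the toy record checksum."""
    return functools.reduce(operator.xor, b, 0)


def parse_record(data: bytes) -> bytes:
    """Constructed, deliberately unchecked parser.
    Layout: [len][payload (len bytes)][checksum]."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]          # IndexError when the record is shorter than it claims
    if checksum != xor_bytes(payload):
        raise ValueError("bad checksum")
    return payload


def parse_record_safe(data: bytes) -> bytes:
    """Hardened version: validate the declared length before indexing."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) < n + 2:
        raise ValueError("truncated record")
    payload = data[1:1 + n]
    if data[1 + n] != xor_bytes(payload):
        raise ValueError("bad checksum")
    return payload


def mutate(case: bytearray, rng: random.Random) -> bytearray:
    """Apply one random mutation: overwrite a byte, truncate, or append junk."""
    op = rng.randrange(3)
    if op == 0 and case:
        case[rng.randrange(len(case))] = rng.randrange(256)
    elif op == 1 and len(case) > 1:
        del case[rng.randrange(len(case)):]
    else:
        case.extend(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return case


def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 1):
    """Feed mutated seeds to target; return (input, exception name) for every crash.
    A ValueError is the parser rejecting bad input on purpose, so it is not a crash."""
    rng = random.Random(rng_seed)   # fixed seed keeps the run reproducible
    crashes = []
    for _ in range(iterations):
        case = bytes(mutate(bytearray(seed), rng))
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:    # anything else is an unhandled failure
            crashes.append((case, type(exc).__name__))
    return crashes


# Constructed valid seed: length 5, payload "hello", correct checksum.
SEED = bytes([5]) + b"hello" + bytes([xor_bytes(b"hello")])

if __name__ == "__main__":
    found = fuzz(parse_record, SEED)
    print(f"unchecked parser: {len(found)} crashing inputs, e.g. {found[0] if found else None}")
    print(f"hardened parser:  {len(fuzz(parse_record_safe, SEED))} crashing inputs")
```

The distinction the fuzzer draws between `ValueError` and everything else is the whole point of the exercise: a parser is allowed to reject bad input, but it must do so deliberately. Real fuzzers (AFL++, libFuzzer) add coverage feedback so that mutations which reach new code are kept as new seeds, but the mutate-run-observe loop is the same.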
Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful?
OWASP
CERT
NIST
OWASP
The Open Web Application Security Project (OWASP) documents common web application vulnerabilities, most famously in the OWASP Top 10 list
You’re redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database?
One-tiered
Two-tiered
Three-tiered
Three-tiered
A three-tiered architecture places an intermediary (application) server between the client and the database server
The administrator at MTS was recently fired, and it has come to light that he didn’t install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called?
Service pack
Hotfix
Patch
Service pack
A service pack is a bundle of previously released patches and hotfixes delivered as a single installable product
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can’t afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation?
Upgrading
Service pack installation
Hotfix
Hotfix
Hotfixes usually can be installed without rebooting the machine
Juan has just made a minor change to the company’s e-commerce application. The change works as expected. What type of testing is most important for him to perform?
Unit testing
Regression testing
Static testing
Regression testing
Regression testing checks whether the change broke anything that previously worked
Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You’re helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?
Hierarchical
Relational
Network
Relational
What is the process of applying manual changes to a program called?
Hotfix
Service pack
Patching
Patching
You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign?
Full Control
Delete
Administrator
Delete
Always apply the principle of least privilege; in this case the minimum permission that meets the need is Delete
Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement?
SIEM
IPS
Automated patch control
IPS
An IPS blocks many attacks inline, keeping the system online; automated patching is riskier here because an untested patch can itself take a SCADA system down
Gerard is concerned about SQL injection attacks on his company’s e-commerce server. What security measure would be most important for him to implement?
Stress testing
Input validation
IPS
Input validation
Input validation can stop most SQL injection attacks, and pairing it with parameterized queries closes the rest
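To make the SQL injection card concrete, here is an added example (written for these flashcards, not from any exam material) using Python's built-in `sqlite3` with a constructed in-memory `users` table. `find_user_vulnerable` builds the query by string concatenation, so a crafted username changes the query's logic; `find_user_safe` applies an allowlist check on the input and then binds it as a parameter, so the database never interprets it as SQL. The table, rows, and function names are assumptions for illustration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """Vulnerable: user input is spliced straight into the SQL text."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


# Allowlist: only the characters a real username may contain, bounded in length.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def find_user_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Hardened: validate against an allowlist, then bind as a parameter."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def find_user_parameterized_only(conn: sqlite3.Connection, username: str) -> list[str]:
    """Parameter binding with no validation: the payload is treated as a literal,
    so the injection fails even though the input was never rejected."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


PAYLOAD = "x' OR '1'='1"   # classic tautology injection

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", find_user_vulnerable(db, "alice"))
    print("vulnerable, injection    :", find_user_vulnerable(db, PAYLOAD))
    print("parameterized, injection :", find_user_parameterized_only(db, PAYLOAD))
    try:
        find_user_safe(db, PAYLOAD)
    except ValueError as exc:
        print("validated, injection     : rejected,", exc)
```

The two defences are complementary: the allowlist rejects anything that is not a plausible username before it reaches the database, and parameter binding guarantees that whatever does get through is data, never query syntax. Validation alone fails the moment a legitimate field must accept quotes (think `O'Brien`), which is why the parameterized query is the control that must always be present.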