Host, Data, and Application Security Flashcards

1
Q

Which of the following terms refers to the process of establishing a standard for security?

Baselining

Security evaluation

Hardening

A

Baselining

Baselining is the term for establishing a standard for security

2
Q

You’ve been chosen to lead a team of administrators in an attempt to increase security. You’re currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a network operating system (NOS)?

Common criteria

Hardening

Encryption

A

Hardening

Hardening is the process of improving security in a network operating system, or any operating system

3
Q

John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him?

Unit testing

Stress testing

Fuzzing

A

Fuzzing

Fuzzing is testing by entering incorrect data to test the application's response

4
Q

Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration?

Normalization

Input validation

Fuzz testing

A

Normalization

Normalization is one of the most fundamental aspects of database configuration

5
Q

Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?

DLP

Fuzzing

Stress testing

A

Fuzzing

This is fuzzing or fuzz testing

6
Q

Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful?

OWASP

CERT

NIST

A

OWASP

Open Web Application Security Project (OWASP)

7
Q

You’re redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database?

One-tiered

Two-tiered

Three-tiered

A

Three-tiered

A three-tiered architecture has an intermediary server

8
Q

The administrator at MTS was recently fired, and it has come to light that he didn’t install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called?

Service pack

Hotfix

Patch

A

Service pack

A service pack is a bundle of patches and hotfixes

9
Q

Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can’t afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation?

Upgrading

Service pack installation

Hotfix

A

Hotfix

Hotfixes usually can be installed without rebooting the machine

10
Q

Juan has just made a minor change to the company’s e-commerce application. The change works as expected. What type of testing is most important for him to perform?

Unit testing

Regression testing

Static testing

A

Regression testing

Regression testing tests to see if the change caused any other problems

11
Q

Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You’re helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?

Hierarchical

Relational

Network

A

Relational

12
Q

What is the process of applying manual changes to a program called?

Hotfix

Service pack

Patching

A

Patching

13
Q

You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign?

Full Control

Delete

Administrator

A

Delete

Always apply least privilege, and in this case that is Delete

14
Q

Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement?

SIEM

IPS

Automated patch control

A

IPS

An IPS will stop many attacks, thus keeping the system online

15
Q

Gerard is concerned about SQL injection attacks on his company’s e-commerce server. What security measure would be most important for him to implement?

Stress testing

Input validation

IPS

A

Input validation

Input validation can stop most SQL injection attacks

16
Q

Elizabeth works for a company that manufactures portable medical devices, such as insulin pumps. She is concerned about security for the device. Which of the following would be the most helpful in securing these devices?

Ensure that all communications with the device are encrypted.

Ensure that the devices have FDE.

Ensure that the devices have been stress tested.

A

Ensure that all communications with the device are encrypted.

Encrypt all transmissions

17
Q

Vincent is a programmer working on an e-commerce site. He has conducted a vulnerability scan and discovered a flaw in a third-party module. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat?

Submit an RFC.

Immediately apply the update.

Document the issue.

A

Submit an RFC.

Always use change management

18
Q

Which of the following would be the most secure way to deploy a legacy application that requires a legacy operating system?

Sandboxing

Stress testing

Dynamic testing

A

Sandboxing

Sandboxing the application would be the most secure

19
Q

Denish is testing an application that is multithreaded. Which of the following is a specific concern for multithreaded applications?

Input validation

Memory overflow

Race conditions

A

Race conditions

20
Q

Gertrude is managing a new software project. The project has very clearly defined requirements that are not likely to change. Which of the following is the most appropriate development model for her?

Agile

Waterfall

Scrum

A

Scrum

Waterfall is a good approach when the requirements are firm