IS3340 CHAPTER 12

Question 1

Computer software designed to allow users to perform specific tasks is called ___?

Answer 1

APPLICATION SOFTWARE

Question 2

An integrated collection of software programs that are used to manage many aspects of a business, including financials, human resources, assets, and business process is called ___?

Answer 2

ENTERPRISE RESOURCE PLANNING (ERP)

Question 3

A popular protocol used to transfer files from one computer to another is called ___?

Answer 3

FILE TRANSFER PROTOCOL (FTP)

Question 4

A secure application layer protocol used to transfer encrypted content between Web browsers and Web servers. It encrypts traffic by sending messages over SLS/TLS and is called ___?

Answer 4

HYPERTEXT TRANSFER PROTOCOL SECURE (HTTPS)

Question 5

An attack in which the attacker is located between a client and a server and intercepts traffic flowing back and forth between the two computers. The attacker can view or modify data that is transmitted in the clear and is called ___?

Answer 5

MAN-IN-THE-MIDDLE

Question 6

Adding more authority to the current session than the process should possess is called ___?

Answer 6

PRIVILEGE ESCALATION

Question 7

A statement that accesses data in a database is called ___?

Answer 7

QUERY

Question 8

The act of masquerading as another identity is called ___?

Answer 8

SPOOFING

Question 9

An attack that adds SQL statements to input data for the purpose of sending commands to a database management system is called ___?

Answer 9

SQL INJECTION

Question 10

A computer language for accessing data in a database is called ___?

Answer 10

STRUCTURED QUERY LANGUAGE (SQL)

Question 11

An option in several database management systems that encrypts all data in the database without any user or application action required is called ___?

Answer 11

TRANSPARENT DATA ENCRYPTION (TDE)

Question 12

A character string used to identify the location and name of a resource on the Internet is called ___?

Answer 12

UNIFORM RESOURCE LOCATOR (URL)

Question 13

A computer that follows the instructions sent from another computer is called a ___?

Answer 13

ZOMBIE

Question 14

1. The main focus when security application software is confidentiality.
   TRUE OR FALSE

Answer 14

FALSE

Question 15

2. Which type of application attack attempts to add more authority to the current process?
3. Privilege spoofing
4. Identity escalation
5. Privilege escalation
6. Identity spoofing

Answer 15

Privilege escalation

Question 16

3. Which of the following is the best first step in securing application software?
4. Install all of the latest patches
5. Harden the operating system
6. Configure application software using least privilege
7. Perform penetration tests to evaluate vulnerabilities

Answer 16

Harden the operating system

Question 17

4. A ___ is an attractive target because it is the primary client of Web applications.

Answer 17

Web browser

Question 18

5. Why are ActiveX controls potential security risks?
6. Active X controls potential security risks
7. Active X controls can contain malware and run on the server
8. Active X controls require that you divulge sensitive authentication details
9. Active X controls are outdated and generally used by older Web applications

Answer 18

Active X controls potential security risks

Question 19

6. Enabling secure connections ensures email messages are encrypted between sender and recipient.
   TRUE OR FALSE

Answer 19

FALSE

Question 20

7. Which of the following is a simple step to make email clients more secure?
8. Use EFS/BitLocker to store email messages on the server
9. Install third party message encryption
10. Turn off message preview
11. Remove email clients and use server-based email access

Answer 20

Turn off message preview

Question 21

8. Which of the following steps can increase the security of all application software?
9. Install anti-malware software
10. Use whole disk encryption on client workstations
11. Run SCW on workstations
12. Require an SSL/TLS for connections to a Web server

Answer 21

Install anti-malware software

Question 22

9. You use Windows server roles to configure each Windows server computer to perform only one task.
   TRUE OR FALSE

Answer 22

FALSE

Question 23

10. A URL can contain commands the Web server will execute.

TRUE OR FALSE

Answer 23

TRUE

Question 24

11. How do you install IIS on a Windows Server 2008 R2 computer?
12. Purchase IIS and install it
13. Download IIS for free and install it
14. Add the Web Server (IIS) role to a server
15. Install IIS from the Windows install DVD

Answer 24

Add the Web Server (IIS) role to a server

Question 25

12.A ___ is any statement that accesses data in a database.

Answer 25

Query

Question 26

13. ___ encrypts all data in a database without requiring user or application action.

Answer 26

Transparent Dat Encryption (TDE)

Question 27

14. SQL Injection attacks are only possible against popular Microsoft SQL Server databases.
    TRUE OR FALSE

Answer 27

FALSE

Question 28

15. Is requiring secure connections between your Web server and your application server worth the overhead and administrative effort?
16. No, because both the Web server and application server are inside your secure network
17. Yes, because your Web server is in the DMZ and is Internet-facing
18. No, because secure connections between high volume servers can dramatically slow down both servers
19. Yes, because your application server is in the DMZ and is Internet-facing

Answer 28

Yes, because your Web server is in the DMZ and is Internet-facing