M6 Flashcards

1
Q

Which technique is used to help mitigate SQL injection attacks?

using the same owner or admin account in the web applications to connect to the database
limiting the read access to specific fields of a table or joins of tables
using stored procedures with the “db_owner” default role
assigning DBA or admin access rights to the application account

A

limiting the read access to specific fields of a table or joins of tables

2
Q

Which security device is used to make responses to client requests look like they all come from the same server?

stateful firewall
forward proxy
reverse proxy
jump box

A

reverse proxy

3
Q

What is a characteristic of a virtual machine running on a PC?

A virtual machine needs a physical network adapter to connect to the Internet.
A virtual machine runs its own operating system.
The number of virtual machines that can be made available depends on the software resources of the host machine.
A virtual machine is not susceptible to threats and malicious attacks.

A

A virtual machine runs its own operating system.

4
Q

What is a characteristic of the blue-green upgrade deployment strategy?

A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
The code changes are periodically rolled out in such a way that they do not impact current users.
The new code is deployed all at once to the old environment. If users experience no issues, it is then moved to the new environment.
The new code version is first rolled out to a subset of users. Changes can then be rolled back if the users experience any problems.

A

A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.

5
Q

Match the cloud model to its description. (Not all options are used.)

These are clouds that locate computing as close as possible to the user.

Choices:
public
private
hybrid
edge

A

EDGE

6
Q

Match the cloud model to its description. (Not all options are used.)

These clouds are made up of two or more clouds. However, each part remains a distinctive and separate object. Both of these are connected using a single architecture.

Choices:
public
private
hybrid
edge

A

HYBRID

7
Q

Match the cloud model to its description. (Not all options are used.)

These are clouds that are intended for a specific organization or entity, such as the government. They can be set up using the private network of an organization.

Choices:
public
private
hybrid
edge

A

PRIVATE

8
Q

Which mitigation method is effective against cross-site scripting?

requiring multifactor authentication
consistent hardening of systems and applications
sanitizing untrusted content
using only necessary features and secure packages downloaded from official sources and verified with a signature

A

sanitizing untrusted content

9
Q

Match the environments in the four-tier development environment structure to the description.

contains code that has been tested multiple times and is error free

choices:
development
testing
staging
production

A

PRODUCTION

10
Q

Match the environments in the four-tier development environment structure to the description.

includes automated tools such as Jenkins, CircleCI, or Travis CI, and is often integrated with a version control system.

choices:
development
testing
staging
production

A

TESTING

11
Q

Match the environments in the four-tier development environment structure to the description.

where coding takes place

choices:
development
testing
staging
production

A

DEVELOPMENT

12
Q

Match the environments in the four-tier development environment structure to the description.

structurally as close to the actual production environment as possible

choices:
development
testing
staging
production

A

STAGING

13
Q

Which attack involves the insertion of malicious code into SQL statements?

SQL injection
cross-site scripting
brute force
local file inclusion

A

SQL injection

14
Q

In software development, what is the purpose of a jump box?

to act as a single trusted machine used to launch connections to sensitive systems
to make all requests originating from within a network look like they come from the same source IP address
to filter packets based on Layer 3 and Layer 4 addressing
to receive incoming requests and forward them to multiple servers

A

to act as a single trusted machine used to launch connections to sensitive systems

15
Q

Which characters are used to separate batched SQL statements?

semicolons ;
colons :
parentheses ()
pound signs #

A

semicolons ;

16
Q

What is a philosophy for software deployment used in the field of DevOps?

OWASP
DevNet
SOAP
CI/CD

17
Q

Which statement is a characteristic of the broken access control threat to web applications?

It allows attackers to access, and potentially change, serialized versions of data and objects.
It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.
It allows users to circumvent existing authentication requirements.
It allows attackers to steal sensitive information such as passwords or personal information.

A

It allows users to circumvent existing authentication requirements.

18
Q

Which technology is used to containerize applications and allows them to run in a variety of environments?

Docker
GitHub
VirtualBox
Cisco DNA

19
Q

Match the OWASP resource with a description.

explains ways to mitigate command security issues in web applications

choices:
Dependency Check
ModSecurity Core Rule Set
Cheat Sheet Series
DefectDojo

A

Cheat Sheet Series

20
Q

Match the OWASP resource with a description.

looks for vulnerabilities in code

choices:
Dependency Check
ModSecurity Core Rule Set
Cheat Sheet Series
DefectDojo

A

Dependency Check

21
Q

Match the OWASP resource with a description.

streamlines the code testing process

choices:
Dependency Check
ModSecurity Core Rule Set
Cheat Sheet Series
DefectDojo

A

DefectDojo

22
Q

Match the OWASP resource with a description.

generic attack detection rules used with a web application firewall

choices:
Dependency Check
ModSecurity Core Rule Set
Cheat Sheet Series
DefectDojo

A

ModSecurity Core Rule Set

23
Q

What is used to isolate the different parts of a running container?

wrappers
namespaces
control groups
union file systems

A

namespaces