Module #6

Question 1

Which technique is used to help mitigate SQL injection attacks?

using the same owner or admin account in the web applications to connect to the database
limiting the read access to specific fields of a table or joins of tables
using stored procedures with the “db_owner” default role
assigning DBA or admin access rights to the application account

Answer 1

limiting the read access to specific fields of a table or joins of tables

Question 2

Which security device is used to make responses to client requests look like they all come from the same server?

stateful firewall
forward proxy
reverse proxy
jump box

Answer 2

reverse proxy

Question 3

What is a characteristic of a virtual machine running on a PC?

A virtual machine needs a physical network adapter to connect to the Internet.
A virtual machine runs its own operating system.
The number of virtual machines that can be made available depends on the software resources of the host machine.
A virtual machine is not susceptible to threats and malicious attacks.

Answer 3

A virtual machine runs its own operating system.

Question 4

What is a characteristic of the blue-green upgrade deployment strategy?

A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
The code changes are periodically rolled out in such a way that they do not impact current users.
The new code is deployed all at once to the old environment. If users experience no issues, it is then moved to the new environment.
The new code version is first rolled out to a subset of users. Changes can then be rolled back if the users experience any problems.

Answer 4

A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.

Question 5

Which mitigation method is effective against cross-site scripting?

requiring multifactor authentication
consistent hardening of systems and applications
sanitizing untrusted content
using only necessary features and secure packages downloaded from official sources and verified with a signature

Answer 5

sanitizing untrusted content

Question 6

Which attack involves the insertion of malicious code into SQL statements?

SQL injection
cross-site scripting
brute force
local file inclusion

Answer 6

SQL injection

Question 7

In software development, what is the purpose of a jump box?

to act as a single trusted machine used to launch connections to sensitive systems
to make all requests originating from within a network look like they come from the same source IP address
to filter packets based on Layer 3 and Layer 4 addressing
to receive incoming requests and forward them to multiple servers

Answer 7

to act as a single trusted machine used to launch connections to sensitive systems

Question 8

Which characters are used to separate batched SQL statements?

semicolons ;
colons :
parentheses ()
pound signs #

Answer 8

semicolons ;

Question 9

What is a philosophy for software deployment used in the field of DevOps?

OWASP
DevNet
SOAP
CI/CD

Answer 9

CI/CD

Question 10

Which statement is a characteristic of the broken access control threat to web applications?

It allows attackers to access, and potentially change, serialized versions of data and objects.
It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.
It allows users to circumvent existing authentication requirements.
It allows attackers to steal sensitive information such as passwords or personal information.

Answer 10

It allows users to circumvent existing authentication requirements.

Question 11

Which technology is used to containerize applications and allows them to run in a variety of environments?

Docker
GitHub
VirtualBox
Cisco DNA

Answer 11

Docker

Question 12

What is used to isolate the different parts of a running container?

wrappers
namespaces
control groups
union file systems

Answer 12

namespaces

Question 13

In serverless computing, which term refers to the ability for resources surrounding an app to change and adjust capacity as needed?

extensible
scalable
elastic
flexible

Answer 13

elastic

Question 14

Which Linux-based platform is used to create, run, and manage containers in a virtual environment?

Docker
Hyper-V
KVM
Bash

Answer 14

Docker

Question 15

What is Bash?

a Linux script engine that allows commands to be entered on the command line
a code injection technique used to attack data-driven applications
a web application framework written in Python
a philosophy for software deployment that figures prominently in the field of DevOps

Answer 15

a Linux script engine that allows commands to be entered on the command line

Question 16

Which load balancing technique will check the load status of multiple hosting servers and send the next incoming request to the server with the lowest load?

least connections
IP hash
canary
blue-green

Answer 16

least connections

Question 17

Which web application attack involves an attacker accessing, and potentially changing, serialized versions of data and objects?

broken authentication
insecure deserialization
security misconfiguration
cross-site scripting

Answer 17

insecure deserialization

Question 18

Which social engineering technique is carried out by someone attempting to gain access to a building by wearing a delivery service uniform?

phishing
impersonation
vishing
smishing

Answer 18

impersonation

Question 19

A company has remote employees who need to connect to the company network in order to participate in meetings and to share the data and progress of application development. Which data transportation security technique can be implemented to allow remote employees to securely connect to the company private network?

SSL
SSH
VPN
TLS

Answer 19

VPN

Question 20

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)

port scanning
SQL injection
trust exploitation
cross-site scripting
port redirection

Answer 20

SQL injection
cross-site scripting

Question 21

Which statement describes the term containers in virtualization technology?

a group of VMs with identical OS and applications
a subsection of a virtualization environment that contains one or more VMs
isolated areas of a virtualization environment, where each area is administered by a customer
a virtual area with multiple independent applications sharing the host OS and hardware

Answer 21

a virtual area with multiple independent applications sharing the host OS and hardware

Question 22

A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?

security misconfiguration
broken authentication
SQL injections
cross-site scripting

Answer 22

SQL injections

Question 23

What are three characteristics of a virtual machine? (Choose three.)

It includes a guest OS.
It leverages the kernel of the host OS for quick starts.
It is a virtualized physical server.
It shares the underlying resources of the host OS.
It is an isolated environment for applications.
It requires a hypervisor.

Answer 23

It includes a guest OS.
It is a virtualized physical server.
It requires a hypervisor.

Question 24

What is a characteristic of the development environment in the four-tier deployment environment structure?

It is where coding takes place.
It is structurally similar to the final production environment.
It is where users will interact with the code.
It contains code that has been tested and is error free.

Answer 24

It is where coding takes place.

Question 25

What is CI/CD?

It is a malicious code injection technique which is used to attack data-driven applications.
It is a web application development framework that is written in Python.
It is a script engine that allows users to execute commands from the command line.
It is a philosophy for software deployment that is often used in the field of DevOps.

Answer 25

It is a philosophy for software deployment that is often used in the field of DevOps.