Module #6 Flashcards
Which technique is used to help mitigate SQL injection attacks?
using the same owner or admin account in the web applications to connect to the database
limiting the read access to specific fields of a table or joins of tables
using stored procedures with the “db_owner” default role
assigning DBA or admin access rights to the application account
limiting the read access to specific fields of a table or joins of tables
Which security device is used to make responses to client requests look like they all come from the same server?
stateful firewall
forward proxy
reverse proxy
jump box
reverse proxy
What is a characteristic of a virtual machine running on a PC?
A virtual machine needs a physical network adapter to connect to the Internet.
A virtual machine runs its own operating system.
The number of virtual machines that can be made available depends on the software resources of the host machine.
A virtual machine is not susceptible to threats and malicious attacks.
A virtual machine runs its own operating system.
What is a characteristic of the blue-green upgrade deployment strategy?
A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
The code changes are periodically rolled out in such a way that they do not impact current users.
The new code is deployed all at once to the old environment. If users experience no issues, it is then moved to the new environment.
The new code version is first rolled out to a subset of users. Changes can then be rolled back if the users experience any problems.
A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
Which mitigation method is effective against cross-site scripting?
requiring multifactor authentication
consistent hardening of systems and applications
sanitizing untrusted content
using only necessary features and secure packages downloaded from official sources and verified with a signature
sanitizing untrusted content
Which attack involves the insertion of malicious code into SQL statements?
SQL injection
cross-site scripting
brute force
local file inclusion
SQL injection
In software development, what is the purpose of a jump box?
to act as a single trusted machine used to launch connections to sensitive systems
to make all requests originating from within a network look like they come from the same source IP address
to filter packets based on Layer 3 and Layer 4 addressing
to receive incoming requests and forward them to multiple servers
to act as a single trusted machine used to launch connections to sensitive systems
Which characters are used to separate batched SQL statements?
semicolons ;
colons :
parentheses ()
pound signs #
semicolons ;
What is a philosophy for software deployment used in the field of DevOps?
OWASP
DevNet
SOAP
CI/CD
CI/CD
Which statement is a characteristic of the broken access control threat to web applications?
It allows attackers to access, and potentially change, serialized versions of data and objects.
It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.
It allows users to circumvent existing authentication requirements.
It allows attackers to steal sensitive information such as passwords or personal information.
It allows users to circumvent existing authentication requirements.
Which technology is used to containerize applications and allows them to run in a variety of environments?
Docker
GitHub
VirtualBox
Cisco DNA
Docker
What is used to isolate the different parts of a running container?
wrappers
namespaces
control groups
union file systems
namespaces
In serverless computing, which term refers to the ability for resources surrounding an app to change and adjust capacity as needed?
extensible
scalable
elastic
flexible
elastic
Which Linux-based platform is used to create, run, and manage containers in a virtual environment?
Docker
Hyper-V
KVM
Bash
Docker
What is Bash?
a Linux script engine that allows commands to be entered on the command line
a code injection technique used to attack data-driven applications
a web application framework written in Python
a philosophy for software deployment that figures prominently in the field of DevOps
a Linux script engine that allows commands to be entered on the command line
Which load balancing technique will check the load status of multiple hosting servers and send the next incoming request to the server with the lowest load?
least connections
IP hash
canary
blue-green
least connections
Which web application attack involves an attacker accessing, and potentially changing, serialized versions of data and objects?
broken authentication
insecure deserialization
security misconfiguration
cross-site scripting
insecure deserialization
Which social engineering technique is carried out by someone attempting to gain access to a building by wearing a delivery service uniform?
phishing
impersonation
vishing
smishing
impersonation
A company has remote employees who need to connect to the company network in order to participate in meetings and to share the data and progress of application development. Which data transportation security technique can be implemented to allow remote employees to securely connect to the company private network?
SSL
SSH
VPN
TLS
VPN
Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)
port scanning
SQL injection
trust exploitation
cross-site scripting
port redirection
SQL injection
cross-site scripting
Which statement describes the term containers in virtualization technology?
a group of VMs with identical OS and applications
a subsection of a virtualization environment that contains one or more VMs
isolated areas of a virtualization environment, where each area is administered by a customer
a virtual area with multiple independent applications sharing the host OS and hardware
a virtual area with multiple independent applications sharing the host OS and hardware
A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?
security misconfiguration
broken authentication
SQL injections
cross-site scripting
SQL injections
What are three characteristics of a virtual machine? (Choose three.)
It includes a guest OS.
It leverages the kernel of the host OS for quick starts.
It is a virtualized physical server.
It shares the underlying resources of the host OS.
It is an isolated environment for applications.
It requires a hypervisor.
It includes a guest OS.
It is a virtualized physical server.
It requires a hypervisor.
What is a characteristic of the development environment in the four-tier deployment environment structure?
It is where coding takes place.
It is structurally similar to the final production environment.
It is where users will interact with the code.
It contains code that has been tested and is error free.
It is where coding takes place.
What is CI/CD?
It is a malicious code injection technique which is used to attack data-driven applications.
It is a web application development framework that is written in Python.
It is a script engine that allows users to execute commands from the command line.
It is a philosophy for software deployment that is often used in the field of DevOps.
It is a philosophy for software deployment that is often used in the field of DevOps.
