MODULE 6 Flashcards
Which Linux-based platform is used to create, run, and manage containers in a virtual environment?
Docker
KVM
Hyper-V
Bash
Docker
A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?
SQL injections
Broken authentication
Cross-site scripting
Security misconfiguration
SQL injections
What is used to isolate the different parts of a running container?
wrappers
namespaces
control groups
union file systems
namespaces
Which statement describes the term containers in virtualization technology?
A group of VMs with identical OS and applications
A subsection of a virtualization environment that contains one or more VMs
A virtual area with multiple independent applications sharing the host OS and hardware
Isolated area of a virtualization environment, where each area is administered by a customer
A virtual area with multiple independent applications sharing the host OS and hardware
Which technique is used to help mitigate SQL injection attacks?
using the same owner or admin account in the web applications to connect to the database
limiting the read access to specific fields of a table or joins of tables
using stored procedures with the “db_owner” default role
assigning DBA or admin access rights to the application account
limiting the read access to specific fields of a table or joins of tables
Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)
Port scanning
Port redirection
SQL injection
Trust exploitation
Cross-site scripting
SQL injection
Cross-site scripting
What is a characteristic of a virtual machine running on a PC?
A virtual machine needs a physical network adapter to connect to the Internet.
A virtual machine runs its own operating system.
The number of virtual machines that can be made available depends on the software resources of the host machine.
A virtual machine is not susceptible to threats and malicious attacks.
A virtual machine runs its own operating system.
These are clouds that locate computing as close as possible to the user:
These clouds are made up of two or more clouds. However, each part remains a distinctive and separate object. Both of these are connected using a single architecture:
These are clouds that are intended for a specific organization or entity, such as the government. They can be set up using the private network of an organization:
public
private
hybrid
edge
edge
hybrid
private
What are the three characteristics of a virtual machine? (Choose three.)
It requires a hypervisor.
It shares the underlying resources of the host OS.
It includes a guest OS.
It leverages the kernel of the host OS for quick starts.
It is an isolated environment for applications.
It is a virtualized physical server.
It requires a hypervisor.
It includes a guest OS.
It is a virtualized physical server.
What is a characteristic of the development environment in the four-tier deployment environment structure?
It is where the coding takes place.
It is structurally similar to the final production environment.
It is where users will interact with the code.
It contains code that has been tested and is error free.
It is where coding takes place.
Which attack involves the insertion of malicious code into SQL statements?
brute force
local file inclusion
SQL injection
cross-site scripting
SQL injection
Which web application attack involves an attacker accessing, and potentially changing serialized versions of data and objects?
Insecure deserialization
Cross-site scripting
Security misconfiguration
Broken authentication
Insecure deserialization
In software development, what is the purpose of a jump box?
to act as a single trusted machine used to launch connections to sensitive systems
to make all requests originating from within a network look like the come from the same source IP address
to filter packets based on Layer 3 and Layer 4 addressing
to receive incoming requests and forward them to multiple servers
to act as a single trusted machine used to launch connections to sensitive systems
Which security device is used to make responses to client requests to look like they all come from the same server?
stateful firewall
forward proxy
reverse proxy
jump box
reverse proxy
contains code that has been tested multiple times and is error free:
includes automated tools such as Jenkins, CircleCI, or Travis CI, and is often integrated with a version control system:
where coding takes place
structurally as close to the actual production environment as possible
development
testing
staging
production
production
testing
development
staging
explains ways to mitigate command security issues in web applications:
looks for known vulnerabilities in code:
streamlines the code testing process:
generic attack detection rules used with web application firewalls:
Dependency Check
ModSecurity Core Rule Set
Cheat Sheet Series
DefectDojo
Cheat Sheet Series
Dependency Check
DefectDojo
ModSecurity Core Rule Set
Which load balancing technique will check the load status of multiple hosting servers and send the next incoming request to the server with the lowest load?
Canary
Blue-green
IP hash
Least connections
Least connections
What is a characteristic of the blue-green upgrade deployment strategy?
A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
The code changes are periodically rolled out in such a way that they do not impact current users.
The new code is deployed all at once to the old environment. If users experience no issues, it is then moved to the new environment.
The new code version is first rolled out to a subset of users. Changes can then be rolled back if the users experience any problems.
A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.
Which characters are used to separate batched SQL statements?
colons :
semicolons ;
parentheses ()
pound signs #
semicolons ;
Which mitigation method is effective against cross-site scripting?
requiring multifactor authentication
consistent hardening of systems and applications
sanitizing untrusted content
using only necessary features and secure packages downloaded from official sources and verified with a signature
sanitizing untrusted content
Which statement is a characteristic of the broken access control threat to web applications?
It allows attackers to access, and potentially change, serialized versions of data and objects.
It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.
It allows users to circumvent existing authentication requirements.
It allows attackers to steal sensitive information such as passwords and personal information.
It allows users to circumvent existing authentication requirements.
Which technology is used to containerize applications and allows them to run in a variety of environments?
Docker
GitHub
VirtualBox
Cisco DNA
Docker
A company has remote employees who need to connect to the company network in order to participate in meetings and to share the data and progress of application development. Which data transportation security technique can be implemented to allow remote employees to securely connect to the company private network?
SSH
VPN
SSL
TLS
VPN
Which social engineering technique is carried out by someone attempting to gain access to a building by wearing a deliver service uniform?
Smishing
Vishing
Impersonation
Phishing
Impersonation
What is a philosophy for software deployment used in the field of DevOps?
OWASP
SOAP
CI/CD
DevNet
CI/CD
What is Bash?
A web application framework written in Python
A Linux script engine that allows commands to be entered on the command line
A philosophy for software deployment that figures prominently in the field of DevOps
A code injection technique used to attack data-driven applications
A Linux script engine that allows commands to be entered on the command line
What is CI/CD?
It is a script engine that allows users to execute commands from the command line.
It is a malicious code injection technique which is used to attack data-driven applications.
It is a philosophy for software deployment that is often used in the field of DevOps.
It is a web application development framework that is written in Python.
It is a philosophy software deployment that is often used in the field of DevOps.
In serverless computing, which term refers to the ability for resources surrounding an app to change and adjust capacity as needed?
Elastic
Scalable
Flexible
Extensible
Elastic
