quiz 2 Flashcards

Question

MAC table

Answer 1

a table that maps each network device's MAC address to a physical port on a switch

Answer 2

a switch's broadcast of a packet on all the switch's ports. Unicast flooding enables an attacker to gain access to all data packets on a LAN.

Answer 3

a communication channel that guarantees data authenticity and data confidentiality.

Answer 4

a type of MITM attack that uses malware to intercept or modify messages exchanged between a web browser and a web server.most often used to steal financial information by modifying a user's communications with an Internet banking website.

Answer 5

uses SSL/TLS to secure communications between a POP client and a POP server.

Answer 6

an Internet standard protocol used by an email client to retrieve an email from a mail server. does not support the sending of an email

Answer 7

an Internet standard protocol used by an email client to retrieve an email from a mail server.

Answer 8

uses SSL/TLS to secure communications between an IMAP client and an IMAP server.

Answer 9

an Internet standard that extends the format of an email message to support non-ASCII character sets and multimedia attachments

Answer 10

an Internet standard for signing and encrypting MIME data.

Answer 11

a cryptographic network protocol for securely operating a network service over an insecure network.

Answer 12

the encapsulation of a protocol's packets within the packets of another protocol.

Answer 13

an extension to the file transfer protocol (FTP) that uses SSL/TLS to provide communication security.

Answer 14

an extension of the SSH protocol that enables secure file transfer capabilities between networked hosts

Answer 15

a protocol for secure delivery of voice and video services over an IP network.

Answer 16

a protocol for accessing and maintaining distributed directory information services over an IP network

Answer 17

uses SSL/TLS to protect LDAP transmissions

Answer 18

an attack in which an attacker exploits input validation vulnerabilities to construct and execute an unauthorized LDAP query

Answer 19

an extension of the hypertext transfer protocol (HTTP) that uses SSL/TLS to establish an authenticated and encrypted connection between a client and a server.

Answer 20

a protocol suite for securing data communications over an IP network.

Answer 21

an IPSec protocol that provides authentication and integrity for an IP packet and protection against a replay attack

Answer 22

an IPSec protocol that provides authentication, integrity, and confidentiality for an IP packet and protection against a replay attack

Answer 23

an IPSec mode in which only an IP payload is authenticated and encrypted, not the IP header.

Answer 24

an IPSec mode in which an IP packet (IP header and IP payload) is authenticated, encrypted, and encapsulated in a tunneling protocol

Answer 25

the act of partitioning a network into segments. Network segmentation is used to create security zones

Answer 26

a network segment that has specific security requirements.

Answer 27

a security zone that contains protected network resources that should only be accessible by an authorized user or system.

Answer 28

a security zone that is outside an organization's control

Answer 29

a broadcast domain that is segmented at the data link layer.

Answer 30

a minimally configured server in a security zone that is used for managing the hosts in the security zone

Answer 31

a security zone that lies between a trusted and an untrusted zone.

Answer 32

a VLAN in which a host is connected to a specific switch port that is assigned to a VLAN

Answer 33

a VLAN in which protocol types are used to assign a host to a VLAN

Answer 34

a VLAN in which a host's MAC address is used to assign the host to a VLAN.

Answer 35

a network device or a software program that controls inbound and outbound traffic based on a set of rules

Answer 36

a firewall that is implemented in a physical device

Answer 37

a firewall that is implemented in software and runs on a general-purpose computer

Answer 38

software firewall with freely available source code that can be modified and redistributed

Answer 39

a firewall that is built by an entity that has exclusive rights to the firewall

Answer 40

a firewall that allows or blocks a packet based on the information in the packet header

Answer 41

a list of rules used by a firewall to control inbound and outbound network traffic

Answer 42

a firewall that monitors and tracks active network connection sessions and blocks a packet that does not belong to an active session

Answer 43

a security appliance that provides multiple security functions at a single point on a network

Answer 44

a firewall that combines the functionality of a packet filtering firewall with other technologies to detect and block a network attack

Answer 45

a software or hardware firewall that provides packet filtering within a virtualized environment

Answer 46

a virtual firewall mode in which a firewall resides in a host's hypervisor kernel and monitors and controls inbound/outbound traffic on the virtual machines running on the host.

Answer 47

a virtual firewall mode in which a firewall runs on a virtual machine and monitors and controls inbound/outbound traffic on the virtual machine.

Answer 48

a software firewall that runs on a host and controls the host's inbound and outbound network traffic

Answer 49

a device that enables multiple hosts with private IP addresses to connect to the Internet using a single public IP address.

Answer 50

a specific form of application firewall that monitors and filters HTTP and HTTPS traffic between a web application and the Internet

Answer 51

a firewall that controls an application's input and output.

Answer 52

he act of blocking access to a URL

Answer 53

a device or a software application that detects a malicious activity or a security policy violation in a system

Answer 54

the act of blocking access to content based on predefined criteria.

Answer 55

an IDS that detects a threat to a network.

Answer 56

a NIDS that blocks a threat to a network.

Answer 57

an IDS that detects a threat to a host

Answer 58

a NIDS/NIPS deployment mode in which network traffic is passed through a NIDS/NIPS

Answer 59

a NIDS/NIPS deployment mode in which a NIDS/NIPS receives a copy of network traffic.

Answer 60

a detection method that detects an attack by using the attack's pattern

Answer 61

a detection method that detects an attack by identifying a network state that is different from the network's normal state

Answer 62

a detection method that detects an attack by searching for a specific pattern that matches a threat behavior

Answer 63

a detection method that detects an attack by adaptive techniques

Answer 64

a service using encryption to connect devices over a public network

Answer 65

a connection between two or more networks

Answer 66

a connection between a client computer and a remote router.

Answer 67

Communication on HTTPS is encrypted through the use of

Answer 68

routes and encrypts all network traffic through the VPN, regardless of where the VPN service is hosted

Answer 69

routes and encrypts all non-internet network traffic over the VPN

Answer 70

Security on the web is provided through the use of

Answer 71

In the past, communication was encrypted through the use of the

Answer 72

a mechanism for setting up VPN tunnels at the data link layer.

Answer 73

the occurrence of a large number of broadcast and multicast packets on a network within a short time period.

Answer 74

a packet exchanged between switches on a local area network (LAN) to detect the network's loops

Answer 75

a control mechanism for preventing a BPDU packet from entering a switch port.

Answer 76

the act of preventing or reducing packet rebroadcasts on a LAN.

Answer 77

a network topology in which more than one path exists between two network endpoints

Answer 78

a network management protocol used for automating the assignment of IP addresses and network configuration parameters to devices on an IP network.

Answer 79

a Layer 2 control for preventing an unauthorized or rogue DHCP server from offering network configuration parameters to a DHCP client

Answer 80

an attack in which an attacker configures a rogue DHCP server to send a forged DHCP response to a DHCP request.

Answer 81

an attack that aims to deplete a DHCP server's IP address pool

Answer 82

a hardware device or a software program that performs load balancing

Answer 83

the act of distributing network or application traffic across multiple servers in a server group

Answer 84

a load balancer mode in which two load balancers share the workload and distribute traffic across multiple servers.

Answer 85

a load balancer mode in which a primary load balancer distributes traffic across multiple servers and a standby load balancer that is activated when the primary load balancer fails.

Answer 86

a scheduling algorithm in which data traffic is distributed to a server with the fewest number of active connections.

Answer 87

a scheduling algorithm in which data traffic is routed to a specific server based on a client's IP address.

Answer 88

a scheduling algorithm in which data traffic is distributed to a server with the fewest number of active connections and the lowest average response time

Answer 89

a scheduling algorithm in which data traffic is distributed across a group of servers sequentially.

Answer 90

the traffic between a data center's network components.

Answer 91

the traffic that enters or leaves a data center

Answer 92

the traffic that enters a data center

Answer 93

the traffic that leaves a data center.

Answer 94

a private network that can only be accessed by an organization's authorized internal users

Answer 95

a controlled private network that allows access to a subset of an organization's intranet to the organization's external partners, vendors, suppliers, and customers

Answer 96

a web server security vulnerability that enables the injection of client-side scripts into a web server's web pages.

Answer 97

a cross-site scripting attack in which an injected script is returned to a client in response to an HTTP request by the client.

Answer 98

a standard object model and programming interface for HTML. DOM defines how to get, change, add, or delete HTML elements.

Answer 99

a cross-site scripting attack in which a malicious script is stored on a web server's back-end database and returned to all clients that request the web pages containing the script

Answer 100

a cross-site scripting attack in which the source and destination of the attack is the client web browser

Answer 101

an attack in which an attacker sends a forged request to a web application on behalf of an authenticated user.

Answer 102

an attack in which an attacker sends forged requests from a web application's server to other servers. In an SSRF attack, an attacker tricks a server into making an unauthorized request.

Answer 103

a memory region used for temporarily storing data while the data is being transferred from one memory location to another

Answer 104

a programming error condition that occurs when the size of the data to be stored in a buffer is larger than the buffer size.

Answer 105

a program's insufficient validity checking of user input

Answer 106

a data attribute that specifies how the data is intended to be used in a program

Answer 107

a programming error condition that occurs when the result of an integer operation is greater than the maximum size, or less than the minimum size of the integer type used to store the result.

Answer 108

the process of controlling and coordinating a computer's memory

Answer 109

memory that stores local variables and is used for static memory allocation

Answer 110

memory that stores global variables and is used for dynamic memory allocation

Answer 111

an occurrence in which a program allocates heap memory but does not deallocate the memory when the memory is no longer needed

Answer 112

a program variable that stores a memory address.

Answer 113

the act of obtaining the value stored at the memory location pointed to by the pointer.

Answer 114

the process of responding and recovering from error conditions in a program

Answer 115

a network attack in which a data transmission is intercepted and maliciously repeated or delayed.

Answer 116

a unique number assigned to an authenticated user by a web application

Answer 117

a replay attack in which a user's session ID is used to impersonate the user and perform a fraudulent transaction or activity.

Answer 118

a challenge-response authentication protocol.

Answer 119

an attack in which an attacker authenticates to a server or service using the NTLM's password hash of a user.

Answer 120

an injection attack in which an application's user input fields are used to insert a malicious SQL statement into the application.

Answer 121

an attack that injects or inserts malicious input into a program or database query.

Answer 122

a markup language that defines a set of rules for encoding documents in a text-based format.

Answer 123

an attack that manipulates the logic of an XML-based application

Answer 124

a library of code and data for commonly used functions in a Windows computer.

Answer 125

an injection attack in which a process is forced to load and execute malicious DLL code within the process's address space

Answer 126

a protocol for accessing and maintaining distributed directory information services over an IP network.

Answer 127

an attack in which an attacker exploits input validation vulnerabilities to manipulate an LDAP statement executed on an LDAP server

Answer 128

a software event in which multiple concurrently executing processes access a shared resource at the same time

Answer 129

the time at which a process checks a shared resource's state

Answer 130

a class of software errors that are caused by a race condition.

Answer 131

the time at which a process uses a shared resource.

Answer 132

an attack that aims to slow down or disable an application by using up the application's limited resources

Answer 133

a software library that intercepts and modifies calls to a device driver

Answer 134

a program that controls a computer-connected hardware device.

Answer 135

an attack in which malicious code is added to a driver shim

Answer 136

a set of techniques used for improving a program's internal structure without changing the program's behavior.

Answer 137

an attack in which malicious code is added to a device driver through refactoring without changing the device driver's desired behavior.

Answer 138

privilege escalation in which a lower privilege user or application gains privileges assigned to another user or application with higher privileges

Answer 139

the act of gaining account privileges beyond those assigned to the account.

Answer 140

privilege escalation in which a user or application gains privileges assigned to another user or application with the same privileges.

Answer 141

a directory on a web server's file system that the web server's users can access

Answer 142

a web application security vulnerability that allows unauthorized users to access files outside of a web server's root directory

Answer 143

any media that contains part or all of an operating system.

Answer 144

a set of functions and protocols for building and integrating different applications and data sets.

Answer 145

an attack that exploits the vulnerabilities in an application's API to attack the application or a service

Answer 146

the environment where an application is created, debugged, modified, and improved

Answer 147

an attack that aims to downgrade an attempted HTTPS connection between a web server and client to an HTTP connection

Answer 148

the collection of hardware and software used to build an application

Answer 149

the environment where an application is tested against the application's specification requirements.

Answer 150

a pre-production environment that mirrors a production environment and contains the final release version of an application

Answer 151

the process of testing an application's various aspects, including an application's stability, usability, security, functionality, and performance to ensure that the application meets user requirements

Answer 152

an environment where the release version of an application is deployed and made available to the application's users.

Answer 153

the act of digitally signing software by the software's publisher.

Answer 154

the process of moving an application to a production environment and customizing the application configurations.

Answer 155

the process of removing an application from a production environment.

Answer 156

a collection of software development tools in one package

Answer 157

the process of assigning names or numbers to unique states of released software.

Answer 158

the practice of developing software in a way that minimizes the risk of creating software vulnerabilities

Answer 159

methods designed to improve code security.

Answer 160

the practice of tracking and managing a software's versions.

Answer 161

code that can never be executed at run-time, or is executed but whose result is never used in any other computation.

Answer 162

a reusable software component developed by an entity other than the original publisher of a software development platform

Answer 163

a secure coding technique that makes code difficult to read and harder to understand by modifying the code appearance.

Answer 164

the use of existing software to build new software

Answer 165

the degree to which a system is able to adapt to workload changes by automatically provisioning and deprovisioning resources.

Answer 166

the measure of a system's ability to handle increased demands.

Answer 167

scalability which entails adding new systems to an existing infrastructure

Answer 168

scalability which entails adding resources to existing systems

Answer 169

the practice of creating diversity within the software development process with the aim of reducing the extent of software vulnerability exploits

Answer 170

the intentional or unintentional disclosure of information to an unauthorized user or application

Answer 171

the process of organizing data in a relational database

Answer 172

a group of SQL statements created to perform a specific task.

Answer 173

the process of adding a unique string of characters to a password before hashing the password

Answer 174

a secure storage mechanism that stores a mapping between sensitive data and tokens

Answer 175

the process of transforming a variable length string to a fixed-size value

Answer 176

a query in which placeholders are used for parameters and the parameter values are supplied at execution time

Answer 177

the process of substituting a sensitive data element with a non-sensitive data element

Answer 178

the process of systematically examining code with the aim of improving code quality.

Answer 179

a code review method that examines code during the code execution.

Answer 180

a code review method that examines code without executing the code

Answer 181

the process of performing static code analysis by one or more code reviewers.

Answer 182

an automated software testing technique for finding software bugs and vulnerabilities by feeding invalid and random data into software.

Answer 183

a set of practices and tools that automate and integrate software development and IT operations.

Answer 184

a program that automatically generates random data for software testing.

Answer 185

the practice of frequently merging new and modified code from multiple developers into a single software project.

Answer 186

the practice of frequently releasing new software that is ready to be deployed into a stage environment.

Answer 187

the practice of frequently deploying new software into a production environment.

Answer 188

the practice of frequently verifying that new and existing software is tested.

Answer 189

the practice of frequently monitoring released software to detect errors, security risks and compliance issues.

Answer 190

a non-profit foundation that publishes methodologies, documentation, tools, and technologies for raising awareness and improving web application security.

Answer 191

the set of practices and technologies that enable the creation of secure web applications.

Answer 192

a secure coding technique that ensures only valid input is entered into software.

Answer 193

a regularly-updated list of the 10 most common web application security risks.

Answer 194

an input validation method that ensures an input matches a set of known good values.

Answer 195

an input validation method that ensures an input does not contain known bad values.

Answer 196

input validation that is performed by a server after input has been sent to the server.

Answer 197

input validation that is performed by a client before input is sent to a server