Security+ Practice Test 5 Flashcards
What is the best countermeasure against social engineering?
User education
Which of the following violates the principle of least privilege?
Improperly configured accounts
An e-commerce store app running on an unpatched web server is an example of:
Vulnerable business process
The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode, which makes the system more vulnerable to attacks.
True
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:
Memory leak
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?
Integer overflow
A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:
Buffer overflow
Which of the following terms describes an attempt to read a variable that stores a null value?
Pointer dereference
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
DLL
Which of the terms listed below describes a type of attack that relies on executing a library of code?
DLL injection
In the IT industry, the term “System sprawl” is used to describe poor hardware resource utilization.
True
An effective asset management process provides countermeasures against:
System sprawl
Undocumented assets
Architecture and design weaknesses
Zero-day attack exploits:
Vulnerability that is present in already released software but unknown to the software developer
Software or hardware that checks information coming from the Internet and, depending on the applied configuration settings, either blocks it or allows it to pass through is called:
Firewall
Which of the following applies to a request that doesn’t match the criteria defined in an ACL?
Implicit deny rule