Web Security, Security Management, Law, Ethics and Privacy (ch14, 15, 19) Flashcards
A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site.
True
Malicious JavaScript is a major threat to browser security.
True
XSS is possible when a web site does not check user input properly and uses the input in an outgoing HTML page.
True
XSS can perform many types of malicious actions because a malicious script is executed at the user's browser.
True
XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive.
True
In XSRF, the malicious site can send a malicious script to execute in the user's browser by embedding the script in a hidden iframe.
True
It is easy for the legitimate site to know if a request is really from the (human) user.
False
SQL injection attacks only lead to information disclosure.
False
Using an input filter to block certain characters is an effective way to prevent SQL injection attacks.
False
SQL injection is yet another example that illustrates the importance of input validation.
True
Organizational security objectives identify what IT security outcomes should be achieved.
True
Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.
True
Legal and regulatory constraints may require specific approaches to risk assessment.
True
One asset may have multiple threats and a single threat may target multiple assets.
True
It is likely that an organization will not have the resources to implement all the recommended controls.
True
The IT security management process ends with the implementation of controls and the training of personnel.
False
The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations.
True
The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.
True
An IT security plan should include details of ________.
A. risks
B. recommended controls
C. responsible personnel
D. all of the above
D
______ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.
A. Anonymization
B. Data transformation
C. Immutable audit
D. Selective revelation
A
A web browser can be attacked by any website that it visits.
True
Even if a browser is compromised, the rest of the computer is still secure.
False
Web servers can be compromised because of exploits on web applications.
True