Embed Size (px)
Citation preview
Chapter 4 Application SecurityKnowledge and Test Prep
• Press F5• Grab a pen / pencil and paper• Jot the answer down for each question. • The answers will appear on the next slide
Take this prep seriously to help with Chapter 4’s exam... Hint hint
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?
A. SMTPB. SAPC. SPAD. Exchange
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?
A. SMTPB. SAPC. SPA (Secure Password Authentication) is a Microsoft protocol used to authenticate e-mail clients.D. Exchange
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?
A. Instant messagingB. CookiesC. Group policiesD. Temporary files
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?
A. Instant messagingB. CookiesC. Group policiesD. Temporary files
What are two ways to secure Internet Explorer? (Select the two best answers.)
A. Set the Internet zone’s security level to High.B. Add malicious sites to the Trusted Sites zone.C. Disable the pop-up blocker.D. Disable ActiveX controls.
What are two ways to secure Internet Explorer? (Select the two best answers.)
A. Set the Internet zone’s security level to High.B. Add malicious sites to the Trusted Sites zone.C. Disable the pop-up blocker.D. Disable ActiveX controls.
Which of the following concepts can ease administration but can be the victim of malicious attack? A. ZombiesB. BackdoorsC. Buffer overflowD. Group policy
Which of the following concepts can ease administration but can be the victim of malicious attack? A. ZombiesB. Backdoors Backdoors were originally created to ease administration. However, hackers quickly found that they could use these backdoors for a malicious attack.C. Buffer overflowD. Group policy
In an attempt to collect information about a user’s activities, which of the following will be used by spyware? A. Session cookieB. Tracking cookieC. Shopping cartD. Persistent cookie
In an attempt to collect information about a user’s activities, which of the following will be used by spyware? A. Session cookieB. Tracking cookieC. Shopping cartD. Persistent cookie
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running? A. Gray boxB. White boxC. Black boxD. SDLC
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running? A. Gray box A gray box test is when you are given limited information about the system you are testing.B. White boxC. Black boxD. SDLC
An attacker takes advantage of vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? A. Directory traversalB. Command injectionC. Buffer overflowD. Code overflow
An attacker takes advantage of vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? A. Directory traversalB. Command injectionC. Buffer overflowD. Code overflow
You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? A. Install antivirus softwareB. Install pop-up blockersC. Install screensaversD. Install a host-based firewall
You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? A. Install antivirus softwareB. Install pop-up blockersC. Install screensaversD. Install a host-based firewall
Which of the following attacks uses a JavaScript image tag in an e-mail? A. SQL injectionB. Cross-site request forgeryC. XSS - Cross-site scripting D. Directory traversal
Which of the following attacks uses a JavaScript image tag in an e-mail? A. SQL injectionB. Cross-site request forgeryC. XSS - Cross-site scripting D. Directory traversal
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)
A. Have the user contact the webmaster.B. Have the user check for HTTPS://.C. Have the user click the padlock in the browser and verify the certificate.D. Have the user called the ISP.
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)
A. Have the user contact the webmaster.B. Have the user check for HTTPS://.C. Have the user click the padlock in the browser and verify the certificate.D. Have the user called the ISP.
Again, use this Chapter 4 prep to help with Exam #2 (Chapters 4 & 5)
