1 / 22

Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep. Press F5 Grab a pen / pencil and paper Jot the answer down for each question. The answers will appear on the next slide Take this prep seriously to help with Chapter 4’s exam... Hint hint.

conlan
Download Presentation

Chapter 4 Application Security Knowledge and Test Prep

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 4 Application SecurityKnowledge and Test Prep • Press F5 • Grab a pen / pencil and paper • Jot the answer down for each question. • The answers will appear on the next slide • Take this prep seriously to help with Chapter 4’s exam... Hint hint

  2. Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? A.SMTP B.SAP C.SPA D.Exchange

  3. Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? A.SMTP B.SAP C.SPA (Secure Password Authentication) is a Microsoft protocol used to authenticate e-mail clients. D.Exchange

  4. As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A. Instant messaging B. Cookies C. Group policies D. Temporary files

  5. As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A. Instant messaging B. Cookies C. Group policies D. Temporary files

  6. What are two ways to secure Internet Explorer? (Select the two best answers.) A. Set the Internet zone’s security level to High. B. Add malicious sites to the Trusted Sites zone. C. Disable the pop-up blocker. D. Disable ActiveX controls.

  7. What are two ways to secure Internet Explorer? (Select the two best answers.) A. Set the Internet zone’s security level to High. B. Add malicious sites to the Trusted Sites zone. C. Disable the pop-up blocker. D. Disable ActiveX controls.

  8. Which of the following concepts can ease administration but can be the victim of malicious attack? • A. Zombies • B. Backdoors • C. Buffer overflow • D. Group policy

  9. Which of the following concepts can ease administration but can be the victim of malicious attack? • A. Zombies • B. Backdoors Backdoors were originally created to ease administration. However, hackers quickly found that they could use these backdoors for a malicious attack. • C. Buffer overflow • D. Group policy

  10. In an attempt to collect information about a user’s activities, which of the following will be used by spyware? • A. Session cookie • B. Tracking cookie • C. Shopping cart • D. Persistent cookie

  11. In an attempt to collect information about a user’s activities, which of the following will be used by spyware? • A. Session cookie • B. Tracking cookie • C. Shopping cart • D. Persistent cookie

  12. An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running? • A. Gray box • B. White box • C. Black box • D. SDLC

  13. An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running? • A. Gray box A gray box test is when you are given limited information about the system you are testing. • B. White box • C. Black box • D. SDLC

  14. An attacker takes advantage of vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? • A. Directory traversal • B. Command injection • C. Buffer overflow • D. Code overflow

  15. An attacker takes advantage of vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? • A. Directory traversal • B. Command injection • C. Buffer overflow • D. Code overflow

  16. You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? • A. Install antivirus software • B. Install pop-up blockers • C. Install screensavers • D. Install a host-based firewall

  17. You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? • A. Install antivirus software • B. Install pop-up blockers • C. Install screensavers • D. Install a host-based firewall

  18. Which of the following attacks uses a JavaScript image tag in an e-mail? • A. SQL injection • B. Cross-site request forgery • C. XSS - Cross-site scripting • D. Directory traversal

  19. Which of the following attacks uses a JavaScript image tag in an e-mail? • A. SQL injection • B. Cross-site request forgery • C. XSS - Cross-site scripting • D. Directory traversal

  20. How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.) • A. Have the user contact the webmaster. • B. Have the user check for HTTPS://. • C. Have the user click the padlock in the browser and verify the certificate. • D. Have the user called the ISP.

  21. How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.) • A. Have the user contact the webmaster. • B. Have the user check for HTTPS://. • C. Have the user click the padlock in the browser and verify the certificate. • D. Have the user called the ISP.

  22. Again, use this Chapter 4 prep to help with Exam #2(Chapters 4 & 5)

More Related