IS3445 CHAP 8 SECURING WEB APPLICATIONS Flashcards


Flashcards in IS3445 CHAP 8 SECURING WEB APPLICATIONS Deck (27)
1
Q

___ is a block cipher encryption standard that creates keys from 128 bits to 256 bits in length. AKA Rijndael.

A

(AES) Advanced Encryption Standard

2
Q

___ is an input validation mechanism on the client side, using the client browser.

A

Client-side validation

3
Q

___ is backtracking up a directory path using “../” or dot.dot.slash to access areas not intended to be accessible.

A

Canonicalization attacks

4
Q

___ is an encryption standard using a 56-bit key encryption method.

A

(DES) Data encryption standard

5
Q

___ is a small electronic file that serves to validate or encrypt a message or browser session. These are often used to create a digital signature, which offers non-repudiation of a user or a Web site.

A

Digital certificate

6
Q

___ is an access control method in which access is not forced by the administrator or the operating system; rather, access is controlled by the information’s owner.

A

(DAC) Discretionary access control

7
Q

___ is security measures, such as firewalls, IDSs, and antivirus solutions, installed directly on a client system.

A

Host-based security

8
Q

___ is an access control mechanism in which access is controlled and dictated by the network administrator.

A

(MAC) Mandatory access control

9
Q

___ is a family of secret key cryptographic algorithms from RSA Security, Inc.

A

Rivest Cipher

10
Q

___ is a formal document from the Internet Engineering Task Force (IETF) that is the result of committee drafting and revision of a technical document.

A

(RFC) Request for Comments

11
Q

___ is an access control mechanism in which access decisions are determined by the roles that individual users have as part of an organization.

A

Role based access control

12
Q

___ is an access control mechanism in which access to objects is controlled according to established rules.

A

Rule based access control

13
Q

___ is the process of planning, designing, creating, testing, deploying, and maintaining software.

A

(SDLC) Software development life cycle

14
Q

___ is the special type of access control list that monitors attempts to get into secured objects on a system.

A

(SACL) System access control list

15
Q

___ is an encryption method that uses three 56-bit encryption keys.

A

(3DES) Triple Data Encryption Standard

16
Q
SFTP is a secure version of FTP.

TRUE OR FALSE

A

TRUE

17
Q
You are the administrator of a large network. The network has several groups of users, including students, administrators, developers, and front-end staff. Each user on the network is assigned network access depending on his or her job in the organization. Which access control method is being used?

1. Discretionary access control
2. Role based access control
3. Rule based access control
4. Mandatory access control
A

Role based access control

18
Q
Discretionary access control uses an access control list to determine access.

TRUE OR FALSE
A

TRUE

19
Q
As a network administrator, you are concerned with the clear-text transmission of sensitive data on the network. Which of the following protocols are used to help secure communications? (Select two)

1. FTPv2
2. SCP
3. SSL
4. SNMP
A

SCP

SSL

20
Q
As part of the network’s overall security strategy, you want to establish an access control method in which the owner decides who can and who cannot access the information. Which type of access control method is being described?

1. Mandatory access control
2. Role based access control
3. Discretionary access control
4. Rule based access control
A

Discretionary access control

21
Q
___ and HTTP are combined to secure online transactions.
A

Secure Sockets Layer or SSL

22
Q
Mandatory access control secures information and resources by assigning sensitivity labels to objects and comparing these to the level of sensitivity a user is assigned.

TRUE OR FALSE
A

TRUE

23
Q
___, AKA Rijndael, is a block cipher encryption standard. It can create keys from 128 bits to 256 bits in length.
A

Advanced Encryption Standard (AES)

24
Q
As a network administrator, you have configured your company’s firewall to allow remote users access to the network only between the hours of 1:00 p.m. and 4:00 p.m. Which type of access control method is being used?

1. Discretionary access control
2. Role based access control
3. Mandatory access control
4. Rule based access control
A

Rule based access control

25
Q
You are concerned about the integrity of messages sent over your HTTP connection. You use HTTPS to secure the communication. Which of the following are hashing protocols used with SSL to provide security? (Select two)

1. IPSec
2. SHA1
3. MD5
4. SFTP
A

SHA1

MD5

26
Q
A malicious user can insert tags into your Web pages, creating interactive content designed to steal information from your users.

TRUE OR FALSE
A

TRUE

27
Q
Authorization is any process by which you verify that someone is who they claim they are.

TRUE OR FALSE
A

FALSE