Chapter 7

Question 1

Relational Database

Answer 1

Most common approach to database implementation. Allows data to be viewed in dynamic ways based on the user’s or administrator’s needs

Question 2

NoSQL

Answer 2

A non-relational/distributed dynamic database that does not use SQL

Question 3

One-Tier Model

Answer 3

The database and application exist on a single system. Common on desktop systems running a standalone database

Question 4

Two-Tier Model

Answer 4

The client workstation or system runs an application that communicates with the database that is running on a different server

Question 5

Three-Tier Model

Answer 5

isolates the end user from the database by introducing a middle-tier server. It evaluates them and sends them on the database server for processing

Question 6

SAN

Answer 6

Storage Area Network

A separate network set up to appear as a server to the main organization network

Question 7

Fuzzing

Answer 7

technique of providing unexpected values as input to an application in order to make it crash. Values can be random, invalid, or just unexpected

Question 8

Secure Coding

Answer 8

the best way to prevent many attacks. It’s a broad concept. Keeping coding secure can prevent SQL injection

Question 9

OWASP

Answer 9

Open Web Application Security Project

a voluntary group dedicated to forming secure coding practices for web based applications as well as mobile and client applications along with back-end design issues

Question 10

CERT

Answer 10

Computer Emergency Response Team

addresses exception handling

Question 11

DLP

Answer 11

Data Loss Protection

Systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed

Question 12

RAID 3 or 4

Answer 12

Striped Disks with Dedicated Parity

Needs three or more disks with data distributed over disks

Question 13

RAID 6

Answer 13

Striped with Dual Parity

combines 4 or more disks in a way that protects data against the loss of any two disks. Adds an additional

Question 14

Hotfix patch

Answer 14

is an immediate and urgent patch. In general, these represent serious security issues and are not optional

Question 15

Patch

Answer 15

Provides added functionality or a non urgent fix

Question 16

Service Pack

Answer 16

Cumulative assortment of the hotfixes and patches to date

Question 17

HSM

Answer 17

Hierarchical Storage Management

Provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system

Question 18

Antimalware Best Practices

Answer 18

Install Antivirus
Install Antispam Filters
Install Antispyware Filters
Use Pop-up blockers
Use host-based firewalls
Use host based IDSs

Question 19

How to harden FTP

Answer 19

Create a separate file areas for the transfers
If possible, use a VPN or SSH
Use separate login accounts
Disable anonymous user accounts

Question 20

Footprinting

Answer 20

Act of gathering data about a network in order to find ways that someone might intrude. Looks for vulnerabilities and any means of entry

Question 21

Hardening DHCP Services

Answer 21

Only one DHCP server should be running at a time

Use NAT

Question 22

Types of backups

Answer 22

Full - All changes and data archived
Differential - All changes since the last full backup
Incremental - All changes since the last backup of any kind

Question 23

Clustering

Answer 23

Used parallel processing (improving performance and availabilty) and adds redundancy

Question 24

Load Balancing

Answer 24

High availability can be maintained through splitting using multiple servers

Question 25

Hardening Email Servers

Answer 25

Use Antivirus Scanners to filter out malicious emails