Chapter 7 - Host, Data, and Application Security Flashcards Preview


Flashcards in Chapter 7 - Host, Data, and Application Security Deck (32)

what is the most common approach to implementing a database?

7 - 215

relational database


this language is the most commonly used language when speaking to databases

7 - 216

Structured Query Language


Contrast the 3 database system models.

7 - 216

one tier - database and application exist on a single system
two tier - client workstation runs an application that communicates with the database that is running on a different server
three tier - there is a middle tier server that operates between the client and the database server


there is a difference in benefits between the SQL server and the NoSQL server. what is that difference?

7 - 217

NoSQL can handle structured, semistructured, and unstructured data. SQL is good for structured data


what's the problem with Big Data?

7 - 218

hard to manage


you have a mini-network with one purpose: store data. what is this network called?

7 - 218

Storage Area Network (SAN)


what is fuzzing?

7 - 218

providing unexpected values as input to an application in order to make it crash


how can you prevent fuzzing?

7 - 218

make sure your input is of the expected type


what is the only prevention for cross-site scripting and SQL injection?

7 - 218

secure coding


what is OWASP?

7 - 219

voluntary group dedicated to forming secure coding practices for web-based applications


there is another group responsible for secure coding. what is that group?

7 - 219

CERT, the Computer Emergency Response Team


can baselining be done with metrics, applications, or both?

7 - 219



tell me the difference between a hotfix, a patch, and a service pack? how are they similar?

7 - 220

hotfix - immediate and urgent, applied to the system
patch - additional functionality, non-urgent fix
service pack - cumulative assortment of hotfixes and patches

similar because they are all patches to the operating system


tell me the 5 user permissions, going from least restrictive to most restrictive

7 - 220, 221

full control
read and execute


in your own words, tell me what an access control list is

7 - 221

a list of who can access what resource and at what level


there are 6 things you can do to keep hosts safe from malware. what are they?

7 - 221, 222

install antivirus software
install antispam filters
install antispyware software
use pop-up blockers
use host-based firewalls
use host-based IDSs


true-false: a web application firewall can look at every single request between a web client and a web server for the purpose of identifying attacks

7 - 226



security baselining is also known as performance baselining. what input does it provide?

7 - 227

the input needed to design, implement, and support a secure network


what two things can you do to harden your web servers?

7 - 228

run filters to limit traffic to what is required and only what is required

only run scripts that have been tested, debugged, and approved for use


what can you do to harden your email servers?

7 - 228

use an active virus scanner


other than replacing your FTP server with SFTP, what are four things you can do to harden your FTP servers?

7 - 229, 230

create a separate drive or sub-directory on the system to allow file transfers
use VPN or SSH connections for FTP type activities
use separate logon accounts and passwords for FTP access
always disable the anonymous user account


how can you minimize DNS DoS attacks?

7 - 230

keep the server software and OS software updated and make sure to use two-factor authentication


attackers use footprinting to find a means of entering your network and learning its configuration. what can you do to dash away their dreams?

7 - 231

the network information you have on an external DNS server should be kept to a bare minimum


what will happen if a bogus record is inserted into a DNS server?

7 - 231

the record will point to the location the attacker intends to compromise rather than to a legitimate site.


what happens in DNS poisoning? how is the stolen information used?

7 - 231

a daemon caches DNS reply packets.

info is used in a break-in or man-in-the-middle attack


briefly describe the three types of backups

7 - 233

full - all changes to the data are archived
differential - all changes since the last full backup are archived
incremental - all changes since the last backup of any type are archived


there are 7 types of RAID. list them.

7 - 235

0 - striped disks. minimum 2 disks, no fault tolerance.
1 - mirroring. minimum 2 disks.
3/4 - striped disks with dedicated parity. 3 or more disks.
5 - striped disks with distributed parity. 3 or more disks.
6 - striped disks with dual parity. 4 or more disks.
1+0 - a stripe of mirrors. 4 disks minimum.
0+1 - a mirror of stripes. 4 disks minimum.


when you have multiple computers working together as a single server, what is that called?

7 - 235



what can you do to obtain high availability?

7 - 235

load balancing


there is a list of application security issues you should be aware of. list them for me.

7 - 235

key management - cryptography and keys
credential management - user names and passwords
authentication - problem in mobile devices
geo-tagging - GPS
encryption - increases security
application white-listing - list of apps allowed on network
transitive trust/authentication - A=B=C