Chapter 7 Host, Data, and Application Security

Question 1

Relational Database

Answer 1

Allows data to be viewed in dynamic ways based on the user’s or administrator’s needs

Question 2

One-Tier Model

Answer 2

Database and application exist on a single system

Question 3

Two-Tier Model

Answer 3

The client workstation runs an application that communicates with the database that is running on a different server

Question 4

Three-Tier Model

Answer 4

Effectively isolates the end user from the database by introducing a middle-tier server

Question 5

Middle-Tier Server

Answer 5

Accepts requests from clients, evaluates them, and sends them on to the database server for processing, and vice versa.

Question 6

NoSQL Database

Answer 6

• Not a relational database and doesn’t use SQL.

- Often used where scaling is important

Question 7

Storage Area Network (SAN)

Answer 7

A separate network set up to appear as a server to the main organizational network, basically just to store data.

Question 8

Fuzzing

Answer 8

Providing unexpected values as input to an application in order to make it crash

Question 9

Open Web Application Security Project (OWASP)

Answer 9

A voluntary group dedicated to forming secure coding practices for web-based applications and more.

Question 10

Computer Emergency Response Team (CERT)

Answer 10

Detail standards for secure coding

Question 11

Hotfix

Answer 11

An immediate and urgent patch

Question 12

Patch

Answer 12

A non-urgent fix or functionality

Question 13

Service Packs

Answer 13

Cumulative assortment of the hotfixes and patches to date

Question 14

Full Control

Answer 14

A user can read, write, execute, and assign permissions to others

Question 15

Modify

Answer 15

Read and write with delete added

Question 16

Read and Execute

Answer 16

Allows the user to run a program

Question 17

List Folder Contents

Answer 17

Allows the user to see what is in a folder but not to read the files

Question 18

Web Application Firewall (WAF)

Answer 18

Looks at every request between a web client and a web server and identifies possible attacks

Question 19

What should you always disable on an FTP server?

Answer 19

The anonymous account

Question 20

3 Main Attacks on DNS Servers

Answer 20

1) DoS
2) Footprinting
3) Compromising Record Integrity

Question 21

Footprinting

Answer 21

The act of gathering data about a network in order to find ways that someone might intrude.

Question 22

DNS Poisoning

Answer 22

A daemon caches DNS reply packets and uses the extra data to try to get useful info for other attacks

Question 23

Full Backup

Answer 23

All changes to the data are archived

Question 24

Differential Backup

Answer 24

All changes since the last full backup are archived

Question 25

Incremental Backup

Answer 25

All changes since the last backup of any type are archived.

Question 26

Hierarchical Storage Management (HSM)

Answer 26

Provides continuous online backup by using optical or tape jukeboxes

Question 27

RAID 1 + 0 (10)

Answer 27

- A mirrored data set which is then striped | - Minimum of 4 drives

Question 28

RAID 0 + 1

Answer 28

- The stripes are mirrored | - Minimum of 4 drives

Question 29

Data at Rest

Answer 29

Data currently not being transmitted

Question 30

Data in Transit

Answer 30

Information being sent

Question 31

Data Loss Prevention (DLP) Systems

Answer 31

Monitor the contents of systems to make sure that key content is not deleted or removed.

Question 32

Trusted Platform Module (TPM)

Answer 32

A chip that can store cryptographic keys, passwords, or certificates.

Question 33

Hardware Security Module (HSM)

Answer 33

A cryptoprocessor that can be used to enhance security, commonly used with PKI systems