IS3340 CHAPTER 12 Flashcards Preview


Flashcards in IS3340 CHAPTER 12 Deck (28):
1

Computer software designed to allow users to perform specific tasks is called ___?

APPLICATION SOFTWARE

2

An integrated collection of software programs that are used to manage many aspects of a business, including financials, human resources, assets, and business process is called ___?

ENTERPRISE RESOURCE PLANNING (ERP)

3

A popular protocol used to transfer files from one computer to another is called ___?

FILE TRANSFER PROTOCOL (FTP)

4

A secure application layer protocol used to transfer encrypted content between Web browsers and Web servers. It encrypts traffic by sending messages over SSL/TLS and is called ___?

HYPERTEXT TRANSFER PROTOCOL SECURE (HTTPS)

5

An attack in which the attacker is located between a client and a server and intercepts traffic flowing back and forth between the two computers. The attacker can view or modify data that is transmitted in the clear and is called ___?

MAN-IN-THE-MIDDLE

6

Adding more authority to the current session than the process should possess is called ___?

PRIVILEGE ESCALATION

7

A statement that accesses data in a database is called ___?

QUERY

8

The act of masquerading as another identity is called ___?

SPOOFING

9

An attack that adds SQL statements to input data for the purpose of sending commands to a database management system is called ___?

SQL INJECTION

10

A computer language for accessing data in a database is called ___?

STRUCTURED QUERY LANGUAGE (SQL)

11

An option in several database management systems that encrypts all data in the database without any user or application action required is called ___?

TRANSPARENT DATA ENCRYPTION (TDE)

12

A character string used to identify the location and name of a resource on the Internet is called ___?

UNIFORM RESOURCE LOCATOR (URL)

13

A computer that follows the instructions sent from another computer is called a ___?

ZOMBIE

14

1. The main focus when securing application software is confidentiality.
TRUE OR FALSE

FALSE

15

2. Which type of application attack attempts to add more authority to the current process?

1. Privilege spoofing
2. Identity escalation
3. Privilege escalation
4. Identity spoofing

Privilege escalation

16

3. Which of the following is the best first step in securing application software?

1. Install all of the latest patches
2. Harden the operating system
3. Configure application software using least privilege
4. Perform penetration tests to evaluate vulnerabilities

Harden the operating system

17

4. A ___ is an attractive target because it is the primary client of Web applications.

Web browser

18

5. Why are ActiveX controls potential security risks?

1. Active X controls potential security risks
2. Active X controls can contain malware and run on the server
3. Active X controls require that you divulge sensitive authentication details
4. Active X controls are outdated and generally used by older Web applications

Active X controls potential security risks

19

6. Enabling secure connections ensures email messages are encrypted between sender and recipient.
TRUE OR FALSE

FALSE

20

7. Which of the following is a simple step to make email clients more secure?

1. Use EFS/BitLocker to store email messages on the server
2. Install third party message encryption
3. Turn off message preview
4. Remove email clients and use server-based email access

Turn off message preview

21

8. Which of the following steps can increase the security of all application software?

1. Install anti-malware software
2. Use whole disk encryption on client workstations
3. Run SCW on workstations
4. Require an SSL/TLS for connections to a Web server

Install anti-malware software

22

9. You use Windows server roles to configure each Windows server computer to perform only one task.
TRUE OR FALSE

FALSE

23

10. A URL can contain commands the Web server will execute.
TRUE OR FALSE

TRUE

24

11. How do you install IIS on a Windows Server 2008 R2 computer?

1. Purchase IIS and install it
2. Download IIS for free and install it
3. Add the Web Server (IIS) role to a server
4. Install IIS from the Windows install DVD

Add the Web Server (IIS) role to a server

25

12. A ___ is any statement that accesses data in a database.

Query

26

13. ___ encrypts all data in a database without requiring user or application action.

Transparent Data Encryption (TDE)

27

14. SQL Injection attacks are only possible against popular Microsoft SQL Server databases.
TRUE OR FALSE

FALSE

28

15. Is requiring secure connections between your Web server and your application server worth the overhead and administrative effort?

1. No, because both the Web server and application server are inside your secure network
2. Yes, because your Web server is in the DMZ and is Internet-facing
3. No, because secure connections between high volume servers can dramatically slow down both servers
4. Yes, because your application server is in the DMZ and is Internet-facing

Yes, because your Web server is in the DMZ and is Internet-facing