CISS 320 Chapter 12

What makes IP spoofing possible for computers on the Internet?
the lack of authentication
What type of attack displays false information masquerading as legitimate data?
phishing
What type of attack exploits a lack of bounds checking on the size of data stored in an array?
buffer overflow
What type of attack involves plaintext scripting that affects databases?
SQL injection
What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server?
split-DNS architecture
Which aspect of hardening a Windows Web server allows you to restrict access to the Web server based on IP address?
access control
Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?
NAP
Which of the following is a top-level digital certificate in the PKI chain?
trust anchor
Which of the following is NOT a recommended security setting for Apache Web servers?
use the default standard Web page error messages
Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?
use standard naming conventions
Which of the following is true about the Internet?
it was established in the mid-1960s
Which variation on phishing modifies the user’s hosts file to redirect traffic?
pharming
Computers on the Internet are identified primarily by their IP address.
True
SQL injection attacks are isolated to custom applications, so administrators can prevent them.
True
Windows Basic Authentication requires that users enter a username and password, and the password is transmitted using a hashing algorithm.
False