Mid3 Chap9 M82

What is the most common attack waged against Web servers?
Buffer overflow
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
Drive-by download
Which of the following are subject to SQL injection attacks?
Database servers
You have a website that accepts input from users for creating customers’ accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow
Which of the following methods should you use to prevent SQL injection attacks?
Perform input validation
Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
Which of the following is not true regarding cookies?
They operate within a security sandbox
Use of which of the following is a possible violation of privacy?
Cookies
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use.
Which of the following is a text file provided by a Web site to a client that is stored on a user’s hard drive in order to track and record information about the user?
Cookie
You want to allow e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
Allow first-party cookies but block third-party cookies
To help prevent browser attacks, users of public computers should do which of the following?
Clear the browser cache
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
What is the most common means of virus distribution?
E-mail
You want to use an encryption protocol for encrypting Internet phone calls. Which protocol would you choose?
PGP
You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do?
Add Kenyan.msn.pl to the e-mail blacklist.
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
Spamming
Which of the following mechanisms can you use to add encryption to e-mail? (Select two.)
S/MIME, PGP
Instant Messaging does not provide which of the following?
Privacy
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Sniffing
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
Peer-to-Peer networking
Which of the following is an advantage of a virtual browser?
Protects the operating system from malicious downloads
Which of the following are advantages of virtualization? (Select two.)
Centralized administration, Easy migration of systems to different hardware.
You have a development machine that contains sensitive information related to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?
Run the browser within a virtual environment
Which of the following are disadvantages to server virtualization?
A failure in one hardware component could affect multiple servers
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
Input Validation
Which of the following will enter random data into the inputs of an application?
Fuzzing