LabTest3
How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer?
Compare the decrypted file's contents with the contents of the original file.
A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system.
Trojan
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?
Upload Certificate to Directory Service
The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them.
Virus Vault
The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer.
Windows Firewall with Advanced Security
Each time a key pair is created, Kleopatra generates
a unique 40-character fingerprint
When malware slose performance, which of the following tenets of information system security is impacted?
Availability
What must you do to any certificate imported into Kleopatra before you can use it to decrypt messages?
Change the trust level
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Cross-site scripting (XSS)
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?
If e-commerce or privacy data is entered into the web application
Which of the following helps secure the perimeter of a network?
Intrusion prevention systems
If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?
No because you must provide your public key to any user wanting to decrypt any message encrypted by you.
Which of the following statements is true regarding the hybrid approach to encryption?
It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.
What is the certificate management component of GPG4Win?
Kleopatra
When the key is successfully created, which of the following options sends a copy of your private key to your computer?
Make a Backup Of Your Key Pair
Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks?
Monitor your SQL databases for unauthorized or abnormal SQL injections.
Which type of attack is triggered by the victim?
Persistent cross-site scripting attack
Which of the following allows valid SQL commands to run within a web form?
SQL Injection
Which Web application attack is more likely to extract privacy data elements out of a database?
SQL Injection attack
In the lab, what did you do before attempting the script tests that exposed the vulnerabilities?
Set the security level of DVWA to low.
Which of the following statements is true regarding aymmetrical encryption?
The receiver obtains the needed key from the sender or through a trusted third party, such as certificate server.
Web application developers and software developers are responsible for:
The secure coding and testing of their application.
Which of the following statements is true regarding symmetric cryptography?
The sender and receiver use the same key to encrypt and decrypt a given message.
Which of the following statements is true regarding SQL Injection attacks?
Their likelihood can be reduced through regular testing. Correct Answer:d.
Which of the following statements is true regarding cross-site scripting (XSS) attacks?
They are one of the most common web attacks.
Why do hackers often send zipped and encrypted files and attachments?
They cannot be opened by antivirus software and so they will often reach the recipient.
The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets.
defense in depth
Database developers and administrators are responsible for:
ensuring regular backups of the database are performed.
Often hackers will use ____________ to make the scripts even harder to detect.
hexadecimal character strings
Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.
host-based security measures
In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.
non-persistent cross-site scripting
No production web application, whether it resides inside or outside the firewall, should be implemented without:
penetration testing and security hardening.
Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails.
perimeter
In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
persistent cross-site scripting
Users often complain that _____________ make their systems "slow" and hard to use.
security measures