Chapter 9 & 10 Ethical Hacking
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
Which of the following is the interface that determines how a Web server passes data to a Web browser?
CGI
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
