Ethical Hacking Test 5
Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?
connection strings
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ADO
Which of the following results from poorly configured technologies that a Web application runs on top of?
security misconfigurations
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
Which specific type of tag do All CFML tags begin with?
CF
What is the current file system that Windows utilizes that has strong security features?
NTFS
T or F. Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.
True
T or F. Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
True
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
T or F. JavaScript is a server-side scripting language that is embedded in an HTML Web page.
False
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
Static Application Security Testing
T or F. OLE DB relies on connection strings that enable the application to access the data stored on an external device.
True
Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
Ubuntu and Debian Linux use what command to update and manage their RPM packages?
apt-get
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
business logic
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
cgi-bin
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
Air gap
Which of the following is an alternative term used when referring to Application Security?
Appsec
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Which of the following is the interface that determines how a Web server passes data to a Web browser?
CGI
Web servers use which of the following elements in an HTML document to allow an individual to submit information to the Web server?
D
Which of the following application tests analyzes a running application for vulnerabilities?
Dynamic Application Security Testing
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
Which of the following is a common Linux rootkit?
Linux Rootkit 5
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?
Microsoft
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Microsoft Security Bulletin
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?
PHP
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
Reflected
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
Stored
T or F. CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
True
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-Level Security
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?
getElementById()
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
T or F. A user can view the source code of a PHP file by using their Web browser's tools.
False
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
