Host, Data and Application Security
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?
Fuzzing
Gerard is concerned about SQL injection attacks on his company's e-commerce server. What security measure would be most important for him to implement?
Input Validation
Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful?
OWASP (Open Web Application Security Project)
John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him?
Fuzzing
What refers to the process of establishing a standard for security?
Baselining
You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign?
Delete
Elizabeth works for a company that manufactures portable medical devices, such as insulin pumps. She is concerned about security for the device. What would be the most helpful in securing these devices?
Ensure that all communication with the device are encrypted
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. What describes the process of improving security in a network operating system (NOS)?
Hardening
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation?
Hotfix
Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement?
IPS (Intrusion Prevention System
Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration?
Normalization
What is the process of applying manual changes to a program called?
Patching
Denish is testing an application that is multithreaded. What is a specific concern for multithreaded applications?
Race Conditions
Juan has just made a minor change to the company's e-commerce application. The change works as expected. What type of testing is most important for him to perform?
Regression Testing
Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?
Relational
What would be the most secure way to deploy a legacy application that requires a legacy operating system?
Sandboxing
Gertrude is managing a new software project. The project has very clearly defined requirements that are not likely to change. What is the most appropriate development model for her?
Scrum
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called?
Service Pack
Vincent is a programmer working on an e-commerce site. He has conducted a vulnerability scan and discovered a flaw in a third-party module. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat?
Submit an RFC (Rear Field Communication)
You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. What model is used to provide an intermediary server between the end user and the database?
Three-Tiered