ISMN 5730 Test 3

a video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack?

Mobile code/content

to resolve IP numbers to names and names to IP numbers is the function of...

The DNS

which of the following is a common framework used to develop an enterprise security architecture?

Zachman framework

what is true of enterprise security architecture?

a strategic prospective of the organization is required to develop an enterprise security architecture, a focus alignment with business processes is important, architectures should be designed to support organizational goals

which of the following statements about OSI and TCI/IP is correct?

OSI is the model upon which the TCP/IP is based

when application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?

buffer overflow

regarding application security, which is not a common issue that poses a potential threat?

check sum redistribution

an IP address is...

composed of 32 bits

in testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application?

it should be live real-time online data from the current production system

in the testing phase of an application development project, what are the desirable. characteristic of test data that will be used to evaluate a newly developed application?

it should provide a means of checking upper and lower bounds of the system regarding field sizes, time, and dates; it should represent a wide range of possible data that could be entered in the system by users; it should be able to be validated both before and after test runs

in the project initiation phase of the system development life cycle, which is NOT an important consideration for a security professional?

perform unit test to evaluate the security of code

enterprise security architecture addresses...

strategic alignment, process enhancement, business enablement, security foundation, and aligned with best practices

regarding application security, what are common issues that pose a potential threat?

trap/back doors, garbage collection, object reuse

enterprise security architecture does not address...

configurations for technical infrastructure

a complete conceptual model of systems including software, hardware, and users is known as...

architecture diagram

in the project initiation phase of the system development life cycle, which is an important consideration for a security professional?

conduct of risk analysis, identify appropriate security frameworks, identification of security needs

what are principal benefits of enterprise security architecture?

consistently manage IT risk across the enterprise, allow decision makers to make better and quicker security-related decisions across for the enterprise, reduce the costs of managing IT risk

which is not true of enterprise security architecture?

development of the architecture is primarily end-user driven

which of the following is generally not considered part of a data network?

end user

which is not a principal benefit of an enterprise security architecture?

promote a positive perspective for systems management across the enterprise

which should be the first step in establishing organizational control for remote access?

publish a clear policy for remote access