MISY 5320 Info Assurance and Security 17 & 19
What is a security issue with Common Gateway Interface (CGI)?
CGI scripts that are poorly written can cause unintended consequences at runtime
What application is associated with TCP Ports 20 and 21?
FTP
Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP IP connection?
FTP
What application is associated with TCP Ports 989 and 990?
FTPS
Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers?
HTTP
Which RAID configuration, known as striped disks, simply spreads the data that would be kept on one disk across several disks?
RAID 0
Which RAID configuration, known as mirrored disks, copies the data from one disk onto two or more disks?
RAID 1
Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections?
SSL stripping attack
Which port is used by HTTPS?
TCP port 443
Which port is used by SSMTP?
TCP port 465
_____ is the name given to a broad collection of application programming interfaces (APIs), protocols, and programs developed by Microsoft to download and execute code automatically over an Internet-based channel.
activeX
Which alternative site provides the basic environmental controls necessary to operate, but has few of the computing components necessary for processing?
cold site
_____ was the original method for having a Web server execute a program outside the Web server process, yet on the same server.
common gateway interface (CGI)
Which attack is a code injection attack in which an attacker sends code in response to an input request?
cross-site scripting attack
Which backup requires a small amount of space and is considered to have a complex restoration process?
delta
In a(n) ____________________ backup, only the files that have changed since the last full backup was completed are backed up.
differential
Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?
disaster recovery plan (DRP)
_____ basically has the same goal as high availability--the uninterrupted access to data and services--and is accomplished by the mirroring of data and systems.
fault tolerance
____________________ is an application-level protocol that operates over a wide range of lower-level protocols.
file transfer protocol
Which type of alternative site is a fully configured environment that is similar to the normal operating environment and can be operational immediately or within a few hours, depending on its configuration and the needs of the organization?
hot site
Which statement correctly describes SSL v3 and TLS authentication?
in SSL v3/TLS, mutual authentication of both client and server is possible
Which backup requires a medium amount of space and is considered to have an involved restoration process?
incremental
Which term is a mechanism where traffic is directed to identical servers based on availability?
load balancing
Which type of alternative site generally uses trailers, often relies on generators for its power, but also factors in the requirement for environmental controls immediately?
mobile backup sites
With a(n) _____, similar organizations agree to assume the processing for the other party in the event a disaster occurs.
mutual aid agreement
What DRP category would a business function fall under if an organization could last without that function for up to 30 days before the business was severely impacted?
necessary for normal processing
_____ refer to copies of virtual machines.
snapshots
Which term describes a proactive plan for personnel substitutions in the event that the primary person is not available to fulfill their assigned duties?
succession planning
Which statement describes the primary purpose of JavaScript?
the primary purpose of JavaScript is to enable features such as validation of forms before they are submitted to the server
Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm?
uninterruptible power supply (UPS)
Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components?
warm site
Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program?
add-on
Which attack is the most common exploit used to hack into software?
buffer overflow
____________________ is the term used to describe the document that details the specific impact of elements on a business operation.
business impact analysis
Which document outlines what the loss of any critical functions will mean to the organization?
business impact analysis (BIA)
Which RAID configuration, known as dedicated parity drive, stripes data across several disks but in larger stripes than in RAID 3 and uses a single drive for parity-based error checking?
RAID 4
Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator?
authenticode
Which backup technique requires a large amount of space and is considered to have a simple restoration process?
full
_____ refers to the ability to maintain availability of data and operational processing (services) despite a disrupting event.
high availability
Which term refers to the predicted average time that will elapse before failure (or between failures) of a system?
mean time to failure
Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present?
HTTPS Everywhere
Which browser plug-in allows the user to determine which domains have trusted scripts?
NoScript
Which RAID configuration is known as bit-level error-correcting code and is not typically used, as it stripes data across the drives at the bit level as opposed to the block level?
RAID 2
Which RAID configuration, known as byte-striped with error check, spreads the data across multiple disks at the byte level with one disk dedicated to parity bits?
RAID 3
Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?
RAID 5
Which port does HTTP traffic travel over by default?
TCP port 80
What is the goal of TCP?
To send an unauthenticated, error-free stream of information between two computers.
Which term describes a collection of technologies that is designed to make Web sites more useful for users?
Web 2.0
To enable interoperability, the ____________________ standard was created as a standard for directory services.
X.500
What attack type is possible when user-supplied information is used in a header?
cache poisoning
A(n) _____ is a group of servers deployed to achieve a common objective.
cluster
_____ was an attempt to bring the security of shrink-wrapped software to software downloaded from the Internet.
code signing
Which term describes a computer language invented by Sun Microsystems as an alternative to Microsoft's development languages?
Java
In the case of an FTP server, which account allows unlimited public access to the files and is commonly used when you want to have unlimited distribution?
anonymous
_____ is a system that uses digital signatures and allows Windows users to determine who produced a specific piece of code and whether or not the code has been altered.
authenticode
Planning for the issue of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure is known as ____________________.
backout planning
_____ is the term used to describe the document that details the specific impact of elements on a business operation.
business impact analysis (BIA)
____________________ refers to the ability to maintain availability of data and operational processing (services) despite a disrupting event.
high availability
_____ are small application programs that increase a browser's ability to handle new data types and add new functionality.
plug-ins
Which strategy is focused on backup frequency?
recovery point objective (RPO)
_____ is the time period representing the maximum period of acceptable data loss.
recovery point objective (RPO)
The term ____________________ is used to describe the target time that is set for resuming operations after an incident.
recovery time objective
Which strategy has the goal of defining the requirements for business continuity?
recovery time objective (RTO)
When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task?
secure shell (SSH)
____________________ is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the Internet.
secure sockets layer
Which term is the use of packet sniffing to steal a session cookie?
side-jacking
Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation?
single point of failure
Which alternative site is designed to be operational within a few days?
warm site
