Chapter 6


Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Cross-site request forgery
Server-side request forgery
Command injection
Buffer overflow

Buffer overflow

Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance?
Code signing
Code endorsement
Code encryption
Code obfuscation

Code signing

Which of the following measures would database administrators consider to be the best defense against data exposure?
Normalization
Data minimization
Tokenization
Hashing

Data minimization

When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment.
Test
Development
Staging
Production

Development

Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal?
Elasticity
Scalability
Agility
Cost effectiveness

Elasticity

Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting?
Mutation testing
Static code analysis
Dynamic code analysis
Fuzzing

Fuzzing

Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use?
Man in the middle
Session hijacking
Buffer overflow
Meet in the middle

Man in the middle

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Parameterized queries
Encoding data
Input validation
Appropriate access controls

Parameterized queries

The phases of the software development life cycle are: Planning, Requirements, Design, Coding, Testing, Training and Transition, and Ongoing Operations and Maintenance. What is the order they go in?

Planning -> Requirements -> Design -> Coding -> Testing -> Training and Transition -> Ongoing Operations and Maintenance

Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack, which will require a __________ to be successful.
Session ticket
Session cookie
Username
User password

Session cookie
