Common Vulnerabilities Quiz

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers) 1. Lack of user training 2. Inadequate vendor support 3. System sprawl 4. Default configurations 5. Improper input handling

- Inadequate vendor support - Default configurations

An effective asset management process provides countermeasures against: (Select all that apply) 1. System sprawl 2. Race conditions 3. Undocumented assets 4. Architecture and design weaknesses 5. User errors

- System sprawl - Architecture and design weaknesses - Undocumented assets

A situation in which an application writes to an area of memory that it is not supposed to access is referred to as: 1. DLL injection 2. Buffer overflow 3. Memory leak 4. Integer overflow

Buffer overflow

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: 1. DLL 2. ISO 3. EXE 4. INI

DLL

Which of the terms listed below describes a type of attack that relies on executing a library of code? 1. Memory leak 2. DLL injection 3. Pointer dereference 4. Buffer overflow

DLL injection

A predefined username/password on a brand new wireless router is an example of: 1. Default configuration 2. Misconfiguration 3. Zero-day vulnerability 4. Architecture/design weakness

Default configuration

Which of the terms listed below refers to a software that no longer receives continuing support? 1. OEM 2. SDLC 3. EOL 4. SPoF

EOL

After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of: 1. Fuzz testing 2. Improper input handling 3. Brute-force attack 4. Improper error handling

Improper error handling

A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of: 1. Zero-day vulnerability 2. Improper input validation 3. Default configuration 4. Improper error handling

Improper input validation

Which of the following violates the principle of least privilege? 1. Onboarding process 2. Improperly configured accounts 3. Shared accounts for privileged users 4. Time-of-day restrictions

Improperly configured accounts

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it? 1. Buffer overflow 2. Pointer dereference 3. Memory leak 4. Integer overflow

Integer overflow

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called: 1. Memory leak 2. Buffer overflow 3. DLL injection 4. Integer overflow

Memory leak

Which of the following terms describes an attempt to read a variable that stores a null value? 1. Integer overflow 2. Pointer dereference 3. Buffer overflow 4. Memory leak

Pointer dereference

A malfunction in preprogrammed sequential access to a shared resource is described as: 1. Race condition 2. Buffer overflow 3. Memory leak 4. Pointer dereference

Race condition

Which of the answers listed below describes the result of a successful DoS attack? 1. Code injection 2. Resource exhaustion 3. Identity theft 4. Privilege escalation

Resource exhaustion

In the IT industry, the term "System sprawl" is used to describe one of the aspects of poor asset management process. 1. True 2. False

True

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks. 1. True 2. False

True

What is the best countermeasure against social engineering? 1. AAA protocols 2. User authentication 3. Strong passwords 4. User education

User education

Zero-day attack exploits: 1. New accounts 2. Patched software 3. Vulnerability that is present in already released software but unknown to the software developer 4. Well known vulnerability

Vulnerability that is present in already released software but unknown to the software developer

An e-commerce store app running on an unpatched web server is an example of: 1. Architecture/design weakness 2. Risk acceptance 3. Vulnerable business process 4. Security through obscurity

Vulnerable business process


संबंधित स्टडी सेट्स

Special Materials Finals Reviewer

View Set

Chapter 9: Formation and Requirements of Contracts

View Set

American History DEVELOPMENT OF CONSTITUTIONAL GOVERNMENT Test - Study Guide

View Set

Multiplying Polynomials by Polynomials

View Set

Chapter 4 SIE Exam Quiz Questions

View Set