Exam 3
The IP value of 00011000
24
All changes take effect or none do
Atomicity
A column in a relational database table
Attribute
An example would be passing a string into an input field on a web page that is too long for the field
Buffer Overflow
When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?
Buffer Overflow
Regarding application security, which is not a common issue that poses a potential threat?
Check Sum Redistribution
An IP address is...
Composed of 32 bits
Used to translate IP addresses to host names
DNS
A completed transaction is permanent
Durability
Which of the following is generally not considered part of a data network?
End User
Which of the following is TRUE of IDS?
IDS are detective controls
Many corporate telecommunication environments now support IM. Which is TRUE of IM communications?
IM communications generally lack encryption
Which is TRUE of an IPS?
IPS is a preventive control
A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack?
Mobile Code/Content
Two of XYZ Co.'s sales reps at different customer locations both attempt to enter a sales transaction for the same product in XYZ's inventory system at the exact same time. If XYZ Co. uses a relational database for sales and inventory management, what is the likely outcome of this transaction?
No entry to either system will be made and both users will be forced to re-enter their respective transactions
Model used to describe telecommunications data transfer
OSI
Which of the following statements about OSI and TCP/IP is correct?
OSI is the model upon which the TCP/IP protocol is based
Transactions are recorded in real-time
Online Transaction Processing
Generally, the first layer of application security with which the security professional is concerned is:
Operating System Layer
From lecture, which is NOT a concept associated with object-oriented application development?
Partitioning
In the Project initiation phase of the system development life cycle, which is not an important consideration for a security professional?
Perform Unit test to evaluate the security of code
For Relational Database Systems, which of the following is NOT true?
Primary keys must be numeric
Which should be the first step in establishing organization control for remote access?
Publish a clear policy on remote access
Which of the following is NOT an advantage of using a database management system?
Reduces liability for data breach
Which of the following is a common database threat?
SQL Injection
Which of the following is not a concern regarding database security?
The Network Connection
User action is required to spread this
Virus
To resolve IP numbers to names and names to IP numbers is the function of...
the DNS
Typically attacks server software
Worm
In the testing phase of an application development project, which is not a desirable characteristic of test data that will be used to evaluate a newly developed application?
It should be live real-time online data from the current production system.