Exam 3

The IP value of 00011000

24

All changes take effect or none do

Atomicity

A column in a relational database table

Attribute

An example would passing a string into an input filed on a web page that is too long for the field

Buffer Overflow

When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?

Buffer Overflow

Regarding application security, which is not a common issue that poses a potential threat?

Check Sum Redistribution

An IP address is...

Composed of 32 bits

Used to tanslate IP addresses to host names

DNS

A completed transaction is permanent

Durability

Which of the following is generally not considered part of a data network?

End User

Which of the following is TRUE of IDS?

IDS are detective controls

Many corporate telecommunication environments now support IM. Which is TRUE of IM communications is:

IM communications generally lack encryption

Which is TRUE of an IPS?

IPS is a preventive control

A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack?

Mobile Code/Content

Two of XYZ Co. sales reps at different customer locations both attempt to enter a sales transaction for the same product in XYZ's inventory system at the exact same time. If XYZ Co uses a relational database for sales and inventory management, what is the likely outcome of this transaction?

No entry to either system will be made and both users will be foreced to re-entery their respective transactions

Model used to describe telecommunications data transfer

OSI

Which of the following statements about OSI and TCI/IP is correct?

OSI is the model upon which the TCP/IP protocol is based

Transactions are recorded in real-time

Online Transaction Processing

Generally, the first layer of application security for which the security professional is concerned is:

Operating System Layer

From lecture, which is NOT a concept associated with object-oriented application development?

Partitioning

In the Project initiation phase of the system development life cycle, which is not an important consideration for a security professional?

Perform Unit test to evaluate the security of code

For Relational Database Systems, which of the following is NOT true?

Primary keys must be numeric

Which should be the first step in establishing organization control for remote access?

Publish a clear policy on remote access

Which of the following is NOT an advantage of using a database management system?

Reduces liability for data breach

Which of the follow is a common database threat?

SQL Injection

Which of the following is not a concern regarding database security?

The Network Connection

User action is required spread this

Virus

To resolve IP numbers to names and names to IP numbers is the function of...

the DNS

Typically attacks server software

Worm

In testing phase of an application development project, which is not a desirable characteristic of test data that will be used to evaluate a newly developed application?

It should be live real-time online data from the current production system.