ISMN 5730 Test 3
a video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack?
Mobile code/content
to resolve IP numbers to names and names to IP numbers is the function of...
The DNS
which of the following is a common framework used to develop an enterprise security architecture?
Zachman framework
what is true of enterprise security architecture?
a strategic perspective of the organization is required to develop an enterprise security architecture, a focus on alignment with business processes is important, architectures should be designed to support organizational goals
which of the following statements about OSI and TCP/IP is correct?
OSI is the model upon which the TCP/IP is based
when application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack?
buffer overflow
regarding application security, which is not a common issue that poses a potential threat?
check sum redistribution
an IP address is...
composed of 32 bits
in the testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application?
it should be live real-time online data from the current production system
in the testing phase of an application development project, what are the desirable characteristics of test data that will be used to evaluate a newly developed application?
it should provide a means of checking upper and lower bounds of the system regarding field sizes, time, and dates; it should represent a wide range of possible data that could be entered in the system by users; it should be able to be validated both before and after test runs
in the project initiation phase of the system development life cycle, which is NOT an important consideration for a security professional?
perform unit test to evaluate the security of code
enterprise security architecture addresses...
strategic alignment, process enhancement, business enablement, security foundation, and aligned with best practices
regarding application security, what are common issues that pose a potential threat?
trap/back doors, garbage collection, object reuse
enterprise security architecture does not address...
configurations for technical infrastructure
a complete conceptual model of systems including software, hardware, and users is known as...
architecture diagram
in the project initiation phase of the system development life cycle, which is an important consideration for a security professional?
conduct of risk analysis, identify appropriate security frameworks, identification of security needs
what are principal benefits of enterprise security architecture?
consistently manage IT risk across the enterprise, allow decision makers to make better and quicker security-related decisions across the enterprise, reduce the costs of managing IT risk
which is not true of enterprise security architecture?
development of the architecture is primarily end-user driven
which of the following is generally not considered part of a data network?
end user
which is not a principal benefit of an enterprise security architecture?
promote a positive perspective for systems management across the enterprise
which should be the first step in establishing organizational control for remote access?
publish a clear policy for remote access