Application in Information Security Chapter 9

Web apps are used to _____ a. allow dynamic content b. stream video c. apply scripting d. impose security controls

a. allow dynamic content

Hackers often use __________ instead of cleartext to make the scripts harder to detect. a. hexadecimal character strings b. scripting tags c. cross-site scripting (XSS) d. Simple Network Management Protocol (SNMP)

a. hexadecimal character strings

Which of the following is a Damn Vulnerable Web Application (DVWA) security level that mimics a vulnerable Web application? a. low b. medium c. high d. critical

a. low

True or False? A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted. a. true b. false

a. true

True or False? An organization's Web server is often the public face of the organization that customers and clients see first. a. true b. false

a. true

__________ are scripting langs (pick 2) a. ActiveX b. JavaScript c. CGI d. PHP

b. JavaScript and d. PHP

In general, which of the following is accomplished by appending a valid SQL command to the input that is being passed through a Web form into the database behind it? a. SNMP b. SQL injection c. XSS d. DVWA

b. SQL injection

Typical categories of databases include all of the following EXCEPT: a. relational database b. applied database c. distributed database d. object-oriented programming database

b. applied database

True or false? Databases can be victim of source code exploits a. true b. false

b. false

True or false? The stability of a web server does not depend on the operating system a. true b. false

b. false

Browsers do not display ________ a. ActiveX b. Hidden fields c. Java d. JavaScript

b. hidden fields

Which of the following challenges can be solved by firewalls? a. protection against buffer overflows b. protection against scanning c. enforcement of privileges d. ability to use non standard ports

b. protection against scanning

____________ can be caused by exploitation of defects and codes a. buffer overflows b. sql injection c. buffer injection d. input validation

b. sql injection

Which class of individuals works the most with the server and is primarily concerned with access to content and services? a. Server administrator b. Network administrator c. End user d. Web attacker

c. End user

__________ is used to audit databases a. ping b. IPConfig c. NCC SQuirreL d. SQLRECON

c. NCC SQuirreL

Common database vulnerabilities include all of the following EXCEPT: a. unused stored procedures b. services account privilege issues c. strong audit log settings d. weak or poor authentication methods enabled

c. strong audit log settings

Which of the following is a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release? a. CVE listing database b. SQL injection c. Cross-site scripting (XSS) d. Damn Vulnerable Web Application (DVWA)

d. Damn Vulnerable Web Application (DVWA)

The categories of Web application vulnerabilities include all of the following EXCEPT: a. authentication issues b. authorization config c. session management issues d. end-user education

d. end-user education

True or False? Input validation is a result of SQl injections a. true b. false

b. false