CYB 240 - 2-2 Reading Quiz
Symmetric cryptography involves how many keys? - 1 - 2 - 3 - 4
1
Which of the following is not a recommended minimum requirement for a password policy? - At least three lowercase letters - At least one non-alphanumeric character - At least two numeric characters - At least two uppercase letters
At least three lowercase letters
If you were to test all the length of all input fields, you would be taking one of the steps to stop what type of attack? - Injection flaws - Clickjack - Insecure cookies - Buffer overflow
Buffer overflow
Symmetric cryptography provides which tenet of the CIA triad? - Availability - Confidentiality - Non-repidiation - Integrity
Confidentiality
Which is not a key component of building string security into the software development life cycle (SDLC)? - Security requirements - Business requirements - Cost-benefit analysis - Threat modeling
Cost-benefit analysis
By implementing technology to identify and prevent internet control message protocol (ICMP) flood attacks, you would be trying to prevent which type of attack? - SQL injection attack - Cross-site scripting attack - Denial-of-service attack - Buffer overflow attack
Denial-of-service attack
Creating a framework for secure coding includes involving the security team. When should the team be involved? - After requirements are detailed - After design - After threat modeling - From the beginning
From the beginning
Passwords should be stored as what type of values? - Complex - Hashed - Non-encrypted - Simple
Hashed
What is the best way to implement the Pragma: No Cache Directive? - Implement it in an HTTPS file header - Write it into a cookie - Write a script to make sure it is applied - Insert it in the meta tag in the header of an HTML page
Insert it in the meta tag in the header of an HTML page
What is considered the most common cause for security breaches? - Insufficient training - Insufficient patch management - Insufficient IT systems - Insufficient funding
Insufficient patch management
Developing and deploying service packs and patches to manage security threats is part of which stage of the waterfall SDLC? - System analysis - Designing - Testing - Maintenance
Maintenance
Asymmetric cryptography is also known as - Private key cryptography - Public key cryptography - Cipher key cryptography - Block key cryptography
Public key cryptography
What are you trying to prevent by giving the lowest possible privileges to any party trying to communicate with the database or its server? - Buffer overflow attacks - Distributed Denial of Service (DDoS) attacks - SQL injection attacks - Clickjack attacks
SQL injection attacks
Which term refers to the process of removing data that exists in memory at the end of a session? - Scrubbing memory - Assessing memory - Deleting memory - Sanitizing memory
Scrubbing memory
What stage comes first in the waterfall SDLC? - Designing - Testing - System analysis - Maintenance
System analysis
What is the main advantage of asymmetric key cryptography over symmetric key cryptography? - The need to distribute the key - The amount of research done on it - The block size of the cipher - The elimination of the need to distribute the key
The elimination of the need to distribute the key
In order to ensure output encoding, characters should be set to which character set? - UTF-16 - Unicode - UTF-8 - ASCII
UTF-8
Which of the following is not part of web application security testing? - Real-time testing - Constant testing and retesting - Using control management tools - Reviewing lines of code
Using control management tools
What is the oldest, best-known methodology for SDLC? - Six Sigma - Agile - Scrum - Waterfall
Waterfall
