Network Defense Chapter 10
Web servers use which of the following elements in an HTML document to allow an individual to submit information to the Web server?
<form>
Which of the following application tests analyzes a running application for vulnerabilities? Executable Application Security Testing Static Application Security Testing Fast Application Security Testing Dynamic Application Security Testing
Dynamic Application Security Testing
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows? HTML VBScript PHP JScript
PHP
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers? ADSDSOOBJECT MySQLProv SNAOLEDB SQLOLEDB
SQLOLEDB
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN. True False
True
OLE DB relies on connection strings that enable the application to access the data stored on an external device. False True
True
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript. True False
True
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal? error handling delay logic business logic client flow
business logic
Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device? program strings connection strings string interfaces SQL strings
connection strings
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers? security tools developer tools scan tools SQL tools
developer tools
Which of the following do all CFML tags begin with? # CF % CFML
CF
A user can view the source code of a PHP file by using their Web browser's tools. True False
False
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser? scripts cgi-bin bin cgi
cgi-bin
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)? ADO OLE DB JDBC ODBC
ODBC
Which of the following is an alternative term used when referring to Application Security?
AppSec
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages? CFML XML PHP DHTML
CFML
Which of the following is the interface that determines how a Web server passes data to a Web browser? ASP CGI Perl PHP
CGI
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies? Macromedia Symantec Sun Microsystems Microsoft
Microsoft
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Security Bulletin
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
Which JavaScript function is a "method" or sequence of statements that perform a routine or task? getElementById() document.write() CFLOCATION()
getElementById()
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input? injection spoofing insertion redirection
injection
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it? authorization discovery input auditing input validation
input validation
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web? ADO SNAOLEDB SQL ADOSQL
ADO
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)? ADO JDBC OLE DB ODBC
OLE DB
Which of the following cross-site scripting vulnerability types is especially harmful because it can be delivered to subsequent users of the application? injected unvalidated Stored reflected
Stored
JavaScript is a server-side scripting language that is embedded in an HTML Web page. True False
False
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available? Dynamic Application Security Testing Static Application Security Testing (SAST) Executable Application Security Testing Fast Application Security Testing
Static Application Security Testing (SAST)
Which of the following cross-site scripting vulnerability types relies on social engineering to trick a user into visiting a maliciously crafted link or URL? unvalidated reflected injected Stored
reflected
Which of the following results from poorly configured technologies that a Web application runs on top of? reflected corruption stored misconfigurations security misconfigurations reflected misconfigurations
security misconfigurations