Web App Sec exam 1 chapters 1, 2 and 3


Aziz is an avid user of social networking sites. He continues to post detailed information about upcoming trips, personal photos showing children, and his phone number and contact information. Which of the following OWASP privacy threats refers to his situation? A. Operator-sided data leakage B. Web application vulnerabilities C. Outdated personal information D. Insecure data transfer

A

Marilyn used a computer at a local Internet café to access her favorite social networking sites, and then left without logging out of the computer. Which OWASP top 10 threat to online privacy is she most likely at risk for? A. Missing or insufficient session expiration B. Operator-sided data leakage C. Outdated personal information D. Web application vulnerabilities

A

One of the advantages of doing business online is that business can be conducted 24 hours a day, 7 days a week. Which part of the architecture design allows this to happen? A. High availability B. Backups C. Accelerated routers D. Online data recovery

A

Which of the following are included in CLM (Customer Life Cycle)? A. Acquisition B. Retention C. Suspension D. Conversion

ABD

You are designing a customer-service strategy for a large company. The client has asked that you incorporate full two-way communication between service staff and the customer. Which of the following methods would you suggest? A. E-mail support B. FAQ C. Customer feedback forms D. VoIP

AD

Bernard recently received an e-mail that included a link to reset his PayPal password. This is likely a form of which of the following? A. Malware B. Phishing C. Cookies D. Insecure networks

B

William has recently discovered that all of the files and folders on his laptop are encrypted. He is a victim of a ransomware attack. Which is the best way for William to get access to his files? A. Pay for the decryption key. B. Hire tech support to create a decryption key. C. Format, reinstall, and use backups. D. Buy a new laptop.

C

"Contact us" forms are an example of which of the following? A. One-way communication B. Full two-way communication C. Limited two-way communication D. Full one-way communication

C

Small files containing information you enter on some Web pages, including username and password combinations, are called which of the following? A. Malware B. Phishing C. Cookies D. Viruses

C

Which e-commerce concern is the ability to verify a person or system's identity? A. Integrity B. Nonrepudiation C. Authentication D. Privacy

C

Which of the following are two of the most common online banking threats? A. Spoofing and ransomware B. Phishing and persuasion C. Spoofing and phishing D. Persuasion and shoulder surfing

C

Which of the following delivers an infrastructure, including servers, storage, and networking components, over the Internet? A. SaaS B. PaaS C. IaaS D. IoT

C

Which of the following has not been a factor in the development of the Internet of Things? A. Enhancements to networking infrastructure B. The relatively low cost of storage and computing power C. Stringent federal legislation requiring use of encryption on all "smart" devices D. Networking protocol advancement (IPv6)

C

Which of the following is true of virtualization? A. You can build physical software versions of systems that behave like their virtual equivalents. B. A virtual machine is a physical implementation. C. A virtual machine can simulate a complete system or just one particular process. D. A host can run only a single virtual machine at one time.

C

You have been asked to reduce the number of applications you host on your internal network. You decide to use an online version of the company's accounting software. This may be an example of which of the following? A. Virtualization and SaaS B. Cloud computing and IaaS C. Cloud computing and SaaS D. Virtualization and IaaS

C

Many people refer to the Semantic Web as ________. A. social networking B. social media C. Web 2.0 D. Web 3.0

D

Many security features are available for building a secure system. Which of the following is NOT one of the categories of security features? A. Authentication B. Auditing C. Authorization D. Integrity

D

Packet-switched networks use independent routing, which allows which of the following? A. Networks to operate independently from each other B. Packets to seek the lowest bandwidth route C. Networks to better balance their bandwidth D. Packets to take an alternate route if a route is unavailable

D

Which of the following is NOT an effective method of mitigating e-mail scams? A. Creating acceptable use policies for e-mail usage B. Monitoring inbound and outbound messages C. Using e-mail filtering software D. Posting privacy policies on the company Web site

D

What is NOT an example of cloud computing? A. Google Docs B. Online e-mail services C. Online data storage services D. A static Web page

D

Which OWASP top 10 threat to online privacy is most likely to be used by advertisers to develop a demographic profile and target ads to Web users? A. Insufficient deletion of personal data B. Web application vulnerabilities C. Outdated personal information D. Collection of data not required for the primary purpose

D

Which of the following is NOT a common method used by identity thieves to gain a victim's personal information? A. Launching e-mail phishing attacks B. Exploiting unsecured social networking sites C. Scanning old computers D. Contacting law enforcement

D

Which of the following is NOT a key security concern regarding the Internet of Things? A. Privacy B. Authorization C. Encryption D. Efficiency

D

_____ is the protection of individual rights to nondisclosure. A. Integrity B. Nonrepudiation C. Authentication D. Privacy

D

Which of the following are required to establish a VPN connection? A. VPN client B. VPN server C. SSL D. Transmission media

ABD

Which of the following can be used in a social engineering attack? (Select three.) A. Dumpster diving B. Shoulder surfing C. Trojan horse D. Persuasion

ABD

Nicholas is using a public computer in an Internet café to update personal information. Which of the following are steps he can take to ensure his privacy? (Select two.) A. Ensure no one is shoulder surfing B. Bookmark the site for faster retrieval C. Erase the browser history when finished D. Make sure auto-fill is enabled

AC

Despite the overwhelming trend of companies having an online presence, some companies do not see an adequate return on investment from a Web site, or their Web site generates very little interest. Which of the following characteristics might not be a factor for poor performance by a Web site? A. Poor visitor tracking B. 7/24/365 availability C. Poor site design D. Confusing checkout procedures

B

Kimberly has recently logged on to a shopping site to purchase a new bicycle and bike shorts. She is concerned that the communication link is not secure. Which of the following could she check to verify a secure link? A. Contact the vendor via e-mail for a purchase policy B. Verify that HTTPS is being used in the URL C. Verify that HTTP is being used in the URL D. Uncheck the auto-fill option in the browser

B

Mimic sites (or pharming) are examples of which of the following? A. Phishing attacks B. E-commerce scams C. Malware D. Cookies

B

Tim Berners-Lee, the original creator of the World Wide Web, envisions the future Web 3.0 more resembling which of the following? A. A dynamic document B. A database C. A fully redundant network D. A user-generated social network

B

What is qualified Web traffic? A. Any visitor who clicks ads on your Web site B. Any visitor who fits your desired demographic C. All Web traffic that is reported on in Google Analytics D. All Web traffic that comes to your site from a social networking site

B

Which of the following is a bookmarking Web site? A. Facebook B. Delicious C. Wordpress D. Wikipedia

B

Which of the following is true of the Internet and the World Wide Web? A. The Internet is the largest private network. B. The Internet is a mass interconnected collection of computer networks. C. The primary communications protocol suite used on the World Wide Web is Hypertext Transfer Protocol (HTTP). D. The Internet is a secure medium.

B

Which of the following provides operating systems or platform applications over the Internet? A. SaaS B. PaaS C. IaaS D. IoT

B

You have to connect three remote employees to the corporate network. Which of the following technologies would you use? A. SSL B. VPN C. One-way communication D. Remote acquisition

B

_______ occurs when a cybercriminal acquires and then uses your personal information to effectively become you for conducting transactions. A. Eavesdropping B. Identity theft C. Social engineering D. Malware

B

Which of the following describes a patch? A. Is a single software fix designed to fix a specific issue B. Is a major upgrade to an application C. May provide enhanced features for an operating system D. Requires an administrator to take a performance baseline before applying

A

Which of the following describes the connection of everyday devices and appliances to the Internet? A. Internet of Things (IoT) B. Virtualization C. Protocol computing D. World Wide Web

A

Which of the following is NOT a mitigation best practice for online banking risks? A. A shared computer B. Authentication security C. Site encryption D. Virus scanning

A

Which of the following is a photoblogging Web site? A. Flickr B. Delicious C. Wordpress D. Wikipedia

A

Which of the following protocols is NOT a Web communication protocol that authenticates users or computers? A. VoIP B. PPTP C. IPSec D. L2TP

A

Which of the following provides specific applications or services to a client over the Internet? A. SaaS B. PaaS C. IaaS D. IoT

A

Which protocol is used by HTTPS for encrypting data between the client and the host? A. SSL B. SSH C. RSH D. TFTP

A

You run a service-oriented Web site aimed at consumers. You gather contact information from Web site visitors who order your service or who request to be put on your e-mail list. You have a privacy policy posted on your Web site, and you do not disclose the contact information to another business or party. Which security tenet are you upholding? A. Confidentiality B. Integrity C. Availability D. Authorization

A

