cct250 ch09 quiz


Which of the following statements is NOT true regarding Structured Query Language (SQL) injections?

They are specific to only one vendor's database and cannot force the application to reveal restricted information.

Input validation refers to restricting the type of input or data the website will accept so that mistakes will not be entered into the system.

True

Which of the following statements is NOT true regarding the protection of databases?

Very few tools are available to locate, audit, and ultimately protect databases.

Which of the following refers to encryption using short keys or keys that are poorly designed and implemented that can allow an attacker to decrypt data easily and gain unauthorized access to the information?

Weak ciphers or encoding algorithms

Hunter collected the following banner information from a web server in his environment. What type of information can he determine solely by analyzing this banner?

Web server version

Typical categories of databases include all of the following EXCEPT

applied database.

Offloading services from the local intranet to the Internet itself can be done by using:

cloud computing

Security issues that can arise in cloud computing that are above and beyond those with standard environments include all of the following EXCEPT:

detectability.

The categories of Web application vulnerabilities include all of the following EXCEPT:

end-user education.

Web applications that require a user to log on prior to gaining access can track information relating to improper or incorrect logons; this information typically lists entries such as all of the following EXCEPT:

entry of a valid user ID and password.

Browsers do not display

hidden fields

Exploitative behaviors against Web applications include all of the following EXCEPT:

man-in-the-middle attacks

Common database vulnerabilities include the following except ________.

many audit log settings

NGSSquirreL and AppDetective are:

pieces of software for performing audits on databases

Which of the following challenges can be solved by firewalls?

protection against buffer overflows

NCC SQuirreL and AppDetectivePro are ________.

software tools for performing audits on databases

Common database vulnerabilities include all of the following EXCEPT:

strong audit log settings.

SQLPing and SQLRecon are:

tools for locating rogue or unknown database installations.

________ are scripting languages. (Select two)

-JavaScript -PHP

Web applications are used to

Allow dynamic content

Common forms of distributed denial of service (DDoS) attacks include all of the following EXCEPT:

Buffer overflows

What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?

Cross-site scripting (XSS)

Which of the following is a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes?

Database

Which category of risk inherent with Web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?

Defects and misconfiguration risks

Which class of individuals works the most with the server and is primarily concerned with access to content and services?

End user

A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.

False

A distributed denial of service (DDoS) attack is mostly an annoyance; however, a denial of service (DoS) attack is much more of a problem.

False

Databases can be a victim of source code exploits.

False

Input validation is a result of SQL injections.

False

The stability of a web server does not depend on the operating system.

False

Which web session vulnerability is directly associated with sessions that remain valid for periods longer than they are needed?

Long-lived sessions

________ is used to audit databases.

NCC SQuirreL

Which of the following is the best choice for storing and retrieving massive volumes of data in extremely short periods of time?

NoSQL database

Which cloud computing service model provides a virtual infrastructure and some preinstalled software components?

PaaS

Which of the following is NOT considered a vulnerability of Web servers?

Poor end-user training

________ can be caused by the exploitation of defects and code.

SQL injection

Which class of individuals is primarily concerned with the security of the Web server because it can provide an easy means of getting into the local network?

Server administrator

Which of the following refers to a language used to interact with databases, making it possible to access, manipulate, and change data?

Structured Query Language (SQL)

