Client and Application Security Chapter 9 Quiz
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? Roller barrier Type V controls Fencing Barricade
Barricade
How does heuristic detection detect a virus? A virtualized environment is created and the code is executed in it. The bytes of a virus are placed in different "piles" and then used to create a profile. The virus signature file is placed in a suspended chamber before streaming to the CPU. A string of bytes from the virus is compared against the suspected file.
The bytes of a virus are placed in different "piles" and then used to create a profile.
Which of the following is NOT an advantage to an automated patch update service? Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Which of the following is NOT a memory vulnerability? DLL injection Variable overflow Buffer overflow Pointer deference
Variable overflow
What allows for a single configuration to be set and then deployed to many or all users? Active Directory Command Configuration Snap-In Replication (SIR) Group Policy
Group Policy
Which of the following can be used to secure a laptop or mobile device? Mobile chain Security tab Mobile connector Cable lock
Cable lock
Which of the following types of testing uses unexpected or invalid inputs? Runtime testing Dynamic analysis Stress testing Static analysis
Dynamic analysis
Which statement about a mantrap is true? It requires the use of a cipher lock. It is a special keyed lock. It monitors and controls two interlocking doors to a room. It is illegal in the United States.
It monitors and controls two interlocking doors to a room.
Which type of residential lock is most often used for keeping out intruders? Privacy lock Passage lock Encrypted key lock Keyed entry lock
Keyed entry lock
Which of the following is NOT a motion detection method? Radio frequency Infrared Magnetism Moisture
Moisture
Which type of operating system runs on a firewall, router, or switch? Network OS Device OS Resource OS Server OS
Network OS
Which of the following is NOT a characteristic of an alarmed carrier PDS? Requires periodic visual inspections Carrier can be hidden above the ceiling Uses continuous monitoring Eliminates the need to seal connections
Requires periodic visual inspections
Which of the following is NOT a typical OS security configuration? Disabling default accounts/passwords Disabling unnecessary ports and services Employing least functionality Restricting patch management
Restricting patch management
Which of the following is a cumulative package of all patches? Hotfix Service pack Rollup Patch
Service pack
Which stage is a "quality assurance" test that verifies the code functions as intended? Production stage Development stage Testing stage Staging stage
Staging stage
Which of the following is NOT a reason why supply chain infections are considered especially dangerous? It is virtually impossible to closely monitor every step in the supply chain. Supply chains take advantage of the trusted "chain of trust" concept. If the malware is planted in the ROM firmware of the device this can make it 5 or sometimes even impossible to clean an infected device. Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected.
Supply chains take advantage of the trusted "chain of trust" concept
How can an SDIO card be made secure? Using the security mechanisms on a standard Wi-Fi network. Requiring a username before accessing the SDIO card. Turning on patch updates to the SDIO card. SDIO cards are natively secure and no security settings are needed.
Using the security mechanisms on a standard Wi-Fi network.
Which model uses a sequential design process? Secure model Waterfall model Agile model Rigid model
Waterfall model
Which of these is a list of approved email senders? Yellowlist Bluelist Blacklist Whitelist
Whitelist
A lock that extends a solid metal bar into the door frame for extra security is the _____. triple bar lock deadman's lock deadbolt lock full bar lock
deadbolt lock
