CYB 240 - 2-2 Reading Quiz
Symmetric cryptography involves how many keys? - 1 - 2 - 3 - 4
1
Which of the following is not a recommended minimum requirement for a password policy? - At least three lowercase letters - At least one non-alphanumeric character - At least two numeric characters - At least two uppercase letters
At least three lowercase letters
If you were to test the length of all input fields, you would be taking one of the steps to stop what type of attack? - Injection flaws - Clickjack - Insecure cookies - Buffer overflow
Buffer overflow
Symmetric cryptography provides which tenet of the CIA triad? - Availability - Confidentiality - Non-repudiation - Integrity
Confidentiality
Which is not a key component of building strong security into the software development life cycle (SDLC)? - Security requirements - Business requirements - Cost-benefit analysis - Threat modeling
Cost-benefit analysis
By implementing technology to identify and prevent Internet Control Message Protocol (ICMP) flood attacks, you would be trying to prevent which type of attack? - SQL injection attack - Cross-site scripting attack - Denial-of-service attack - Buffer overflow attack
Denial-of-service attack
Creating a framework for secure coding includes involving the security team. When should the team be involved? - After requirements are detailed - After design - After threat modeling - From the beginning
From the beginning
Passwords should be stored as what type of values? - Complex - Hashed - Non-encrypted - Simple
Hashed
What is the best way to implement the Pragma: No Cache Directive? - Implement it in an HTTPS file header - Write it into a cookie - Write a script to make sure it is applied - Insert it in the meta tag in the header of an HTML page
Insert it in the meta tag in the header of an HTML page
What is considered the most common cause for security breaches? - Insufficient training - Insufficient patch management - Insufficient IT systems - Insufficient funding
Insufficient patch management
Developing and deploying service packs and patches to manage security threats is part of which stage of the waterfall SDLC? - System analysis - Designing - Testing - Maintenance
Maintenance
Asymmetric cryptography is also known as - Private key cryptography - Public key cryptography - Cipher key cryptography - Block key cryptography
Public key cryptography
What are you trying to prevent by giving the lowest possible privileges to any party trying to communicate with the database or its server? - Buffer overflow attacks - Distributed Denial of Service (DDoS) attacks - SQL injection attacks - Clickjack attacks
SQL injection attacks
Which term refers to the process of removing data that exists in memory at the end of a session? - Scrubbing memory - Assessing memory - Deleting memory - Sanitizing memory
Scrubbing memory
What stage comes first in the waterfall SDLC? - Designing - Testing - System analysis - Maintenance
System analysis
What is the main advantage of asymmetric key cryptography over symmetric key cryptography? - The need to distribute the key - The amount of research done on it - The block size of the cipher - The elimination of the need to distribute the key
The elimination of the need to distribute the key
In order to ensure output encoding, characters should be set to which character set? - UTF-16 - Unicode - UTF-8 - ASCII
UTF-8
Which of the following is not part of web application security testing? - Real-time testing - Constant testing and retesting - Using control management tools - Reviewing lines of code
Using control management tools
What is the oldest, best-known methodology for SDLC? - Six Sigma - Agile - Scrum - Waterfall
Waterfall