4.4 Security Architecture and Tool Sets Flashcards Preview

CySA+ CS0-001 > 4.4 Security Architecture and Tool Sets > Flashcards

Flashcards in 4.4 Security Architecture and Tool Sets Deck (31)
Loading flashcards...
1
Q

what is the purpose of filters on a web server?

A

they limit the traffic that is allowed through

2
Q

what is the purpose of sandbox in a java applet?

A

it prevents java applets from accessing unauthorized areas on a user’s computer

3
Q

which error condition arises because data is not checked before input to ensure that it has an appropriate length?

A

buffer overflow errors

4
Q

when does fuzzing occur?

A

when unexpected values are provided as input to an application to make the application crash

5
Q

what are the FIVE phases of the system development life cycle (SDLC)?

A
  1. initiation
  2. development and acquisition
  3. implementation and assessment
  4. operations and maintenance
  5. disposal
6
Q

what is the purpose of a decompiler?

A

to re-create the source code in some high-level language

7
Q

which type of attack runs code within another process’s address space by making it load a dynamic link library?

A

a DLL injection attack

8
Q

what is the purpose of fuzz testing?

A

to identify bugs and security flaws within an application

9
Q

what are alternate terms for cross-site request forgery (XSRF)?

A

session riding or one-click attack

10
Q

which application hardening method requires that your organization periodically checks with the application vendor?

A

patch management

11
Q

what is the most significant misuse of cookies?

A

misuse of personal data

12
Q

when does fuzzing occur?

A

when unexpected values are provided as input to an application in an effort to make the application crash

13
Q

what does a race condition typically attack?

A

the delay between time of check (TOC) and time of use (TOU)

14
Q

when does a cross-site scripting (XSS) attack occur?

A

it occurs when an attacker locates a vulnerability on a web site that allows the attacker to inject malicious code into a web application

15
Q

what is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future web visits?

A

a cookie

16
Q

what is the purpose of an application disassembler?

A

to read and understand the raw language of the program

17
Q

what is the purpose of a fail-safe error handler?

A

to ensure that the application stops working, reports the error, and closes down

18
Q

what is an application backdoor?

A

lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms

19
Q

what is cross-site request forgery (XSRF)?

A

unauthorized commands coming from a trusted user to a user or web site, usually through social networking

20
Q

what should application developers do to prevent race condition attack?

A

create code that processes exclusive-lock resources in a certain sequence and unlocks them in reverse order

21
Q

what is the best protection against cross-site scripting? (XSS)?

A

disable the running of scripts

22
Q

what is the purpose of secure code review?

A

it examines all written code for any security holes that may exist

23
Q

what is a cookie?

A

a web client test file that stores persistent settings for a web server

24
Q

what is the purpose of input validation?

A

to ensure that data being entered into a database follows certain parameters

25
Q

what is the purpose of application hardening?

A

it ensures that an application is secure and unnecessary services are disabled

26
Q

which error occurs when the length of the input data is more than the length that processor buffers can handle?

A

buffer overflow

27
Q

which type of attack is characterized by an attacker who takes over the session of an already authenticated user?

A

hijacking

28
Q

what is a zero-day exploit?

A

an attack that exploits a security vulnerability on the day the vulnerability becomes generally known

29
Q

when does a persistent XSS attack occur?

A

when data provided to the web application is first stored persistently on the server and later displayed to users without being encoded using HTML on the Web client

30
Q

which type of attack intercepts an established TCP session?

A

TCP hijacking or session hijacking

31
Q

which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder’s computer?

A

network address hijacking