Chapter 7 - Host, Data, and Application Security Flashcards Preview

Flashcards in Chapter 7 - Host, Data, and Application Security Deck (32)
1

what is the most common approach to implementing a database?

7 - 215

relational database

2

which language is the most commonly used for communicating with databases?

7 - 216

Structured Query Language

3

Contrast the 3 database system models.

7 - 216

one tier - database and application exist on a single system
two tier - client workstation runs an application that communicates with the database that is running on a different server
three tier - there is a middle tier server that operates between the client and the database server

4

there is a difference in benefits between the SQL server and the NoSQL server. what is that difference?

7 - 217

NoSQL can handle structured, semistructured, and unstructured data. SQL is good for structured data

5

what's the problem with Big Data?

7 - 218

hard to manage

6

you have a mini-network with one purpose: store data. what is this network called?

7 - 218

Storage Area Network (SAN)

7

what is fuzzing?

7 - 218

providing unexpected values as input to an application in order to make it crash

8

how can you prevent fuzzing?

7 - 218

make sure your input is of the expected type

9

what is the only prevention for cross-site scripting and sql injection?

7 - 218

secure coding

10

what is OWASP?

7 - 219

voluntary group dedicated to forming secure coding practices for web-based applications

11

there is another group responsible for secure coding. what is that group?

7 - 219

CERT, the Computer Emergency Response Team

12

can baselining be done with metrics, applications, or both?

7 - 219

both

13

tell me the difference between a hotfix, a patch, and a service pack. how are they similar?

7 - 220

hotfix - immediate and urgent, applied to the system
patch - additional functionality, non-urgent fix
service pack - cumulative assortment of hotfixes and patches

similar because they are all patches to the operating system

14

tell me the 5 user permissions, going from least restrictive to most restrictive

7 - 220,221

full control
modify
read and execute
read
write

15

in your own words, tell me what an access control list is

7 - 221

a list of who can access what resource and at what level

16

there are 6 things you can do to keep hosts safe from malware. what are they?

7 - 221, 222

install antivirus software
install antispam filters
install antispyware software
use pop-up blockers
use host-based firewalls
use host-based IDSs

17

true-false: a web application firewall can look at every single request between a web client and a web server for the purpose of identifying attacks

7 - 226

true

18

security baselining is also known as performance baselining. what input does it provide?

7 - 227

the input needed to design, implement, and support a secure network

19

what two things can you do to harden your web servers?

7 - 228

run filters to limit traffic to what is required and only what is required

only run scripts that have been tested, debugged, and approved for use

20

what can you do to harden your email servers?

7 - 228

use an active virus scanner

21

other than replacing your FTP server with SFTP, what are four things you can do to harden your FTP servers?

7 - 229,230

create a separate drive or sub-directory on the system to allow file transfers
use VPN or SSH connections for FTP type activities
use separate logon accounts and passwords for FTP access
always disable the anonymous user account

22

how can you minimize DNS DoS attacks?

7 - 230

keep the server software and OS software updated and make sure to use two-factor authentication

23

attackers use footprinting to find a means of entering your network and learning its configuration. what can you do to dash away their dreams?

7 - 231

the network information you have on an external DNS server should be kept to a bare minimum

24

what will happen if a bogus record is inserted into a DNS server?

7 - 231

the record will point to the location the attacker intends to compromise rather than to a legitimate site.

25

what happens in DNS poisoning? how is the stolen information used?

7 - 231

a daemon caches DNS reply packets.

info is used in a break-in or man-in-the-middle attack

26

briefly describe the three types of backups

7 - 233

full - all changes to the data are archived
differential - all changes since the last full backup are archived
incremental - all changes since the last backup of any type are archived

27

there are 7 types of RAID. list them.

7 - 235

0 - striped disks. minimum 2 disks, no fault tolerance.
1 - mirroring. minimum 2 disks
3/4 - striped disks with dedicated parity. 3 or more disks.
5 - striped disks with distributed parity, 3 or more disks.
6 - striped disks with dual parity, 4 or more disks
1+0 - a stripe of mirrors, 4 disks minimum
0+1 - mirror of stripes, 4 disks minimum

28

when you have multiple computers working together as a single server, what is that called?

7 - 235

clustering

29

what can you do to obtain high availability?

7 - 235

load balancing

30

there is a list of application security issues you should be aware of. list them for me.

7 - 235

key management - cryptography and keys
credential management - user names and passwords
authentication - problem in mobile devices
geo-tagging - GPS
encryption - increases security
application white-listing - list of apps allowed on network
transitive trust/authentication - A=B=C