30 Cards in this Set
- Front
- Back
Access control lists are set on the
|
Web server
|
|
True or False
Virus-protection software will detect any virus. |
False
|
|
ACLs require this before proceeding
|
username and password
|
|
True or False
When a server's TCP backlog fills with half-open connections, the server host will reboot. |
False
|
|
The following may indicate an intruder is present
|
Increased CPU usage
Increased memory usage
Increased network activity |
|
Why is it important to know the normal behavior of a machine?
|
Abnormal behavior may indicate an intruder
|
|
True or False
An intruder is harmless as long as he or she does not modify or destroy any data, but simply looks around after compromising your security. |
False
|
|
True or False
If a hacker gains superuser access, the only thing you can do to fully recover is to reinstall the machine. |
True
|
|
Why should passwords be changed for machines that were not hacked but reside on the same network as the hacked machine?
|
The intruder could have run a packet sniffer to collect passwords
|
|
True or False
The size of a log file never changes. |
False
|
|
What types of cryptography does SSL utilize?
|
Single and Private Keys
|
|
Between which two layers in the Internet protocol stack does SSL operate?
|
Application and TCP/UDP (transport)
|
|
True or False
Public key cryptography requires that one key in a key pair be kept secret. |
True
|
|
True or False
Bounds checking is the act of determining if the amount of data being assigned fits in the allocated buffer space. |
True
|
|
True or False
When a server's TCP backlog fills with half-open connections, the server host will reboot. |
False
|
|
SSL provides which of the following
|
Authentication and Encryption |
|
Not a form of authentication
|
Login name
|
|
Authentication is which of the following
|
Proving you are who you claim to be
|
|
Contain client-side risks
|
Cookies
ActiveX controls
Java applets
JavaScript |
|
What type of risks are present with cookies?
|
Privacy
|
|
Best way to protect against JavaScript risks
|
Disable JavaScript in your Web browser
|
|
JavaScript can?
|
Change what is displayed in a browser's window
|
|
Authenticode?
|
Name of the security mechanism used by ActiveX
|
|
How does an applet differ from a stand-alone program?
|
An applet requires an applet viewer or Java-enabled browser to be run
|
|
What limitation is present when a referrer check is used?
|
The Web client must send the referrer data in its request
|
|
What is a buffer overflow?
|
A bug that writes more data to memory than was allocated
|
|
Tainted variable
|
A variable whose value contains special shell-interpreted characters
|
|
Why is passing user-supplied data to external shells dangerous?
|
The data could contain special interpreted characters
|
|
Poorly written source code can lead to
|
Security holes
Poor performance
Unnecessarily long programs |
|
Why is it a bad choice to have CGI run as the same user as the Web server?
|
Files the Web server user owns could then be manipulated by the CGI user
|