Tag: security

Questions Related to security

Which of the following is used to ensure availability in software?
technology security

  1. Encryption

  2. Hashing

  3. Recovery

  4. Redundancy

Show answer
Correct Option: C

How does software exhibit graceful degradation in response to a denial-of-service (DoS) attack?
technology security

  1. Fail-over to a higher-availability service

  2. Vary its response times to subsequent requests

  3. Disconnect the affected connectivity point

  4. Fail-over to a hot standby

Show answer
Correct Option: B

Which security design principle espouses the practice “Security should not depend on security-through-obscurity”?

technology security

  1. Defense-in-depth

  2. Open design

  3. Complete mediation

  4. Analyzability

Show answer
Correct Option: B

AI Explanation

To answer this question, you need to understand the concept of "security-through-obscurity" and the corresponding security design principle.

Option A) Defense-in-depth - This option is incorrect. Defense-in-depth is a security design principle that advocates for implementing multiple layers of security measures to protect against potential threats. It does not specifically address the practice of "security-through-obscurity."

Option B) Open design - This option is correct. Open design is a security design principle that emphasizes the importance of not relying on secrecy or hiding security mechanisms. It promotes the idea that security should be based on the strength of the design and not on keeping the design secret. Therefore, it aligns with the practice of "Security should not depend on security-through-obscurity."

Option C) Complete mediation - This option is incorrect. Complete mediation is a security design principle that focuses on the concept of ensuring that every access to a system or resource is checked and authorized. It does not directly relate to the practice of "security-through-obscurity."

Option D) Analyzability - This option is incorrect. Analyzability is a security design principle that emphasizes the importance of being able to analyze and understand the security mechanisms and design of a system. While it is related to the overall security of a system, it does not specifically address the practice of "security-through-obscurity."

The correct answer is B) Open design. This option is correct because it aligns with the principle that "Security should not depend on security-through-obscurity." Open design promotes the idea that security should be based on the strength of the design and not on keeping the design secret.

Taking advantage of rapid recovery features at the system level is part of what secure design principle?
technology security

  1. Design for survivability

  2. Design for secure failure

  3. Design for controllability

  4. Design for redundancy

Show answer
Correct Option: A

Which of the following provides control over the trust features in a software application?
technology security

  1. Security management interfaces

  2. Secure configuration management

  3. Application container

  4. Security manager

Show answer
Correct Option: A

Something you know and something you have are authentication:
technology security

  1. Passwords

  2. Factors

  3. Credentials

  4. Identities

Show answer
Correct Option: B

Drawbacks of Web application firewall technology include:

technology security

  1. Detection of some attacks

  2. Configuration and performance

  3. Flexible policy enforcement

  4. Specialized security knowledge

Show answer
Correct Option: B

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Detection of some attacks - This option is incorrect because one of the advantages of web application firewall technology is its ability to detect and prevent various types of attacks, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

Option B) Configuration and performance - This option is correct because one of the drawbacks of web application firewall technology is the complexity of configuration and its potential impact on performance. Implementing and properly configuring a web application firewall can be a time-consuming and challenging task. Additionally, if the firewall rules are not optimized correctly, it can lead to false positives or false negatives, affecting the performance and functionality of the web application.

Option C) Flexible policy enforcement - This option is incorrect because web application firewall technology offers flexible policy enforcement. It allows administrators to define and enforce specific security policies based on their requirements, such as blocking specific types of requests or preventing unauthorized access.

Option D) Specialized security knowledge - This option is incorrect because while deploying and managing a web application firewall may require some level of specialized security knowledge, it is not necessarily a drawback of the technology itself. Specialized security knowledge is often required for any security solution implementation to ensure its effectiveness.

The correct answer is B) Configuration and performance. This option is correct because the complexity of configuration and potential impact on performance are common drawbacks of web application firewall technology.

Authentication and session management are security concerns of which programming language?
technology security

  1. C

  2. Java

  3. .NET

  4. Managed Code

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to have knowledge about security concerns related to programming languages.

Authentication and session management are security concerns that are relevant to web applications. They ensure that users are who they claim to be and that the information stored on the server is secure.

Now, let's go through each option and explain why it is right or wrong:

A. Java: This option is correct. Java is a popular programming language for web applications, and it has built-in features for authentication and session management. Java web applications use a session ID to identify each user's session, and the server uses this ID to retrieve the user's session data.

B. .NET: This option is also correct. .NET is a framework for building web applications, and it includes features for authentication and session management. .NET web applications use cookies to store session information, and the server retrieves this information using the session ID in the cookie.

C. Managed Code: This option is too broad to be correct or incorrect. Managed code refers to code that is executed by a runtime environment, such as Java or .NET. While both Java and .NET use managed code, this option does not specify which language or framework is being referred to.

D. C: This option is incorrect. C is a programming language that is not commonly used for web applications, and it does not have built-in features for authentication and session management. While it is possible to implement these features in C, it would require more manual coding than using a language like Java or .NET.

The Answer is: A or B

In the OSI reference model, on which layer can a telephone number be described?
technology security

  1. Layer1, as a telephone number represents a series of electrical impulses

  2. Layer 3, because a telephone number describes communication between different networks

  3. This depends on the nature of the telephony system (for instance, Voice-over-IP versus public switched telephony network (PSTN))

  4. None, as the telephone system is a circuit-based network and the OSI system only describes packet-switched networks

Show answer
Correct Option: C

In which of the following situations is the network itself not a target of attack?
technology security

  1. A denial-of-service attack on servers on a network

  2. Hacking into a router

  3. A virus outbreak saturating network capacity

  4. A man-in-the-middle attack

Show answer
Correct Option: C