Tag: security

Questions Related to security

A security concern that is prevalent in distributed environments and systems is
technology security

  1. Knowing the proper proxy and default gateway

  2. Knowing whom to trust

  3. Knowing what authentication method is most appropriate

  4. Knowing how to resolve hostnames

Show answer
Correct Option: B

Who is ultimately responsible for making sure data is classified and protected?
technology security

  1. Data owners

  2. Users

  3. Administrators

  4. Management

Show answer
Correct Option: D

Who has the primary responsibility of determining the classification level for information?
technology security

  1. Functional Manager

  2. Senior Management

  3. The owner

  4. The user

Show answer
Correct Option: C

Which group causes the most risk of fraud and computer compromises?

technology security

  1. Employees

  2. Hackers

  3. Attackers

  4. Contractors

Show answer
Correct Option: A

Spoofing can be described as which of the following:
technology security

  1. Eavesdropping

  2. Working through a list of words

  3. Session Hijacking

  4. Pretending to be someone or something else

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to have a basic understanding of cybersecurity. The user must be able to identify the correct definition of the term "spoofing."

Now, let's go through each option and explain why it is right or wrong:

A. Eavesdropping: This option is incorrect. Eavesdropping is the act of listening to private conversations or communications without authorization. It is not the same as spoofing.

B. Working through a list of words: This option is incorrect. Working through a list of words has no relation to spoofing. It might be related to password cracking or brute-force attack.

C. Session Hijacking: This option is incorrect. Session hijacking is a type of attack in which an attacker takes control of a user session after successfully obtaining or generating an authentication session ID.

D. Pretending to be someone or something else: This option is correct. Spoofing is a type of cyberattack in which an attacker creates a fake identity or uses a legitimate one to gain unauthorized access to information or to make it appear that someone or something else is communicating.

The Answer is: D

An example of Anti Automation technique is

technology security

  1. Captcha

  2. Session Mgmt

  3. Whitelisting of inputs

  4. Blacklisting of inputs

Show answer
Correct Option: A

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Captcha - This option is correct because Captcha is a widely used anti-automation technique. It is used to distinguish between humans and automated bots by presenting a challenge that is easy for humans to solve but difficult for bots.

Option B) Session Mgmt - Session management is not specifically an anti-automation technique. It is used to manage user sessions and maintain state between requests.

Option C) Whitelisting of inputs - Whitelisting of inputs is not necessarily an anti-automation technique. It is a security practice that involves allowing only pre-approved or trusted inputs and blocking all others.

Option D) Blacklisting of inputs - Blacklisting of inputs is not an anti-automation technique. It involves creating a list of known malicious inputs and blocking them. However, it is not effective against new or unknown types of attacks.

The correct answer is A) Captcha. This option is correct because Captcha is a commonly used anti-automation technique to differentiate between humans and bots.

Complete the following statement: One of the general rules of secure Configuration Management is to remove/disable _____.

technology security

  1. unused request types or methods

  2. manuals and installation documents

  3. examples

  4. All

Show answer
Correct Option: D

AI Explanation

To answer this question, you need to understand the general rules of secure Configuration Management. Let's go through each option to understand why it is correct or incorrect:

Option A) Unused request types or methods - This option is incorrect. While it is good practice to remove/disable unused request types or methods, it is not the only general rule of secure Configuration Management.

Option B) Manuals and installation documents - This option is incorrect. While it is important to secure manuals and installation documents, it is not the only general rule of secure Configuration Management.

Option C) Examples - This option is incorrect. While it is important to remove/disable examples to prevent potential security vulnerabilities, it is not the only general rule of secure Configuration Management.

Option D) All - This option is correct. One of the general rules of secure Configuration Management is to remove/disable all unused request types or methods, manuals and installation documents, and examples. By removing or disabling these elements, the attack surface of the system is reduced, limiting potential vulnerabilities and improving overall security.

The correct answer is D) All. This option is correct because it encompasses all the general rules of secure Configuration Management, which include removing/disabling unused request types or methods, manuals and installation documents, and examples.

Which of the following statements does NOT describe SQL Injection?
technology security

  1. SQL Injection is a type of security exploit in which the attacker is able to call built-in stored procedures

  2. SQL Injection attack technique forces a web site to echo client-supplied data, which executes in a user's web browser

  3. SQL Injection is a type of security exploit in which the attacker adds SQL statements in the user input

  4. SQL Injection attacks allow a malicious individual to execute undesired SQL statements

Show answer
Correct Option: B

Which of the following is incorrect with respect to Application Denial of Service?

technology security

  1. Application Denial of Service attacks tend to exploit flaws in application design/architecture & implementation to prevent legitimate access to victim’s services

  2. Application Denial of Service has 2 typical types: Account Lockout & Database Slowdown

  3. Application developers should implement a strong positive validation mechanism at the server side, capable of filtering out malicious code/scripts from the user input.

  4. Use principle of full privilege to provide grant access to a service/resource in the web application to the end users/clients

Show answer
Correct Option: D

Which vulnerability from options below has a higher probability to result in a password compromise through Brute-Force attack?
technology security

  1. Passwords transmitted in clear text over an insecure channel

  2. Weak password policy

  3. Encrypted passwords stored in configuration files

  4. Passwords stored in clear text configuration files

Show answer
Correct Option: B