Tag: security

Questions Related to security

A security concern that is prevalent in distributed environments and systems is
technology security

  1. Knowing the proper proxy and default gateway

  2. Knowing whom to trust

  3. Knowing what authentication method is most appropriate

  4. Knowing how to resolve hostnames

Show answer
Correct Option: B

Who is ultimately responsible for making sure data is classified and protected?
technology security

  1. Data owners

  2. Users

  3. Administrators

  4. Management

Show answer
Correct Option: D

Who has the primary responsibility of determining the classification level for information?
technology security

  1. Functional Manager

  2. Senior Management

  3. The owner

  4. The user

Show answer
Correct Option: C

Which group causes the most risk of fraud and computer compromises?
technology security

  1. Employees

  2. Hackers

  3. Attackers

  4. Contractors

Show answer
Correct Option: A

Spoofing can be described as which of the following:
technology security

  1. Eavesdropping

  2. Working through a list of words

  3. Session Hijacking

  4. Pretending to be someone or something else

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to have a basic understanding of cybersecurity. The user must be able to identify the correct definition of the term "spoofing."

Now, let's go through each option and explain why it is right or wrong:

A. Eavesdropping: This option is incorrect. Eavesdropping is the act of listening to private conversations or communications without authorization. It is not the same as spoofing.

B. Working through a list of words: This option is incorrect. Working through a list of words has no relation to spoofing. It might be related to password cracking or brute-force attack.

C. Session Hijacking: This option is incorrect. Session hijacking is a type of attack in which an attacker takes control of a user session after successfully obtaining or generating an authentication session ID.

D. Pretending to be someone or something else: This option is correct. Spoofing is a type of cyberattack in which an attacker creates a fake identity or uses a legitimate one to gain unauthorized access to information or to make it appear that someone or something else is communicating.

The Answer is: D

An example of Anti Automation technique is
technology security

  1. Captcha

  2. Session Mgmt

  3. Whitelisting of inputs

  4. Blacklisting of inputs

Show answer
Correct Option: A

Complete the following statement: One of the general rules of secure Configuration Management is to remove/disable _____.
technology security

  1. unused request types or methods

  2. manuals and installation documents

  3. examples

  4. All

Show answer
Correct Option: D

Which of the following statements does NOT describe SQL Injection?
technology security

  1. SQL Injection is a type of security exploit in which the attacker is able to call built-in stored procedures

  2. SQL Injection attack technique forces a web site to echo client-supplied data, which executes in a user's web browser

  3. SQL Injection is a type of security exploit in which the attacker adds SQL statements in the user input

  4. SQL Injection attacks allow a malicious individual to execute undesired SQL statements

Show answer
Correct Option: B

Which of the following is incorrect with respect to Application Denial of Service?
technology security

  1. Application Denial of Service attacks tend to exploit flaws in application design/architecture & implementation to prevent legitimate access to victim’s services

  2. Application Denial of Service has 2 typical types: Account Lockout & Database Slowdown

  3. Application developers should implement a strong positive validation mechanism at the server side, capable of filtering out malicious code/scripts from the user input.

  4. Use principle of full privilege to provide grant access to a service/resource in the web application to the end users/clients

Show answer
Correct Option: D

Which vulnerability from options below has a higher probability to result in a password compromise through Brute-Force attack?
technology security

  1. Passwords transmitted in clear text over an insecure channel

  2. Weak password policy

  3. Encrypted passwords stored in configuration files

  4. Passwords stored in clear text configuration files

Show answer
Correct Option: B