MIS399 Chapter17 (Quiz 6)

  1. A browser helper object (BHO) has unrestricted access to the Internet Explorer event model and can perform tasks such as capturing keystrokes.  True
  2. A signed applet can be hijacked.  True
  3. A(n) __________ outlines the proper settings and configurations for an application or set of applications.  application configuration baseline
  4. Buffer overflow is one of the most common web attack methodologies.  False
  5. Certificates vouch for code security.   False
  7.  Compilers create runtime code that can be executed via an interpreter engine, like a Java virtual machine (JVM), on a computer system.   False
  8. FTP encrypts traffic by default.  False
  10. In the case of an FTP server, which account allows unlimited public access to the files and is commonly used when you want to have unlimited distribution?  Anonymous
  11. In which phase of the secure development lifecycle model would you employ use cases?  Testing phase
  13. JavaScript is part of the Java environment.   False
  14. Least privilege refers to removing all controls from a system.  False
  15. Server-side scripts are executable programs that are either interpreted or that run in virtual machines.   True
  16. The generation of a real random number is a trivial task.  False
  17. The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.  False
  18. TLS is dead and SSL is the path forward.  False
  19. What application is associated with TCP Ports 989 and 990?   FTPS
  21. What does the term spiral method refer to?  A software engineering process category
  22. What is the goal of TCP?  To send an unauthenticated, error-free stream of information between two computers.
  23. When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task?  Secure Shell (SSH)
  25. Which attack is a code injection attack in which an attacker sends code in response to an input request?    Cross-site scripting attack
  27. Which attack is the most common exploit used to hack into software?  Buffer overflow
  28. Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections?  SSL stripping attack
  29. Which browser plug-in allows the user to determine which domains have trusted scripts?  NoScript
  30. Which cryptographic protocols can be used by SSL/TLS?   Diffie-Hellman and RSA
  31. Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area?   Design phase
  32. Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present?   HTTPS Everywhere
  34. Which port does HTTP traffic travel over by default?  TCP port 80
  35. Which port is used by SSMTP?   TCP port 465
  37. Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection?  FTP
  38.  Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers?  HTTP
  39. Which statement describes the primary purpose of JavaScript?  The primary purpose of JavaScript is to enable features such as validation of forms before they are submitted to the server.
  40. Which term describes a collection of technologies that is designed to make Web sites more useful for users?   Web 2.0
  41. Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program?  Add-on
  43. Which term is a means of signing an ActiveX control so that a user can judge trust based on the control’s creator?  Authenticode
  44. Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input?   Canonicalization
  45. Which term refers to the process of checking whether the program specification captures the requirements from the customer?   Validation
  46. Which type of attack can be used to execute arbitrary commands in a database?   SQL injection
  47. Which type of testing involves running the system under a controlled speed environment?  Load testing
