Saint Leo University COM 520 Chapter 12 1)The main focus when securing application software is confidentiality

Saint Leo University

COM 520

Chapter 12

1)The main focus when securing application software is confidentiality.

A.            True

B.            False

2.            Which type of application attack attempts to add more authority to the current process?

A.            Privilege spoofing

B.            Identity escalation

C.            Privilege escalation

D.            Identity spoofing

3.            Which of the following is the best first step in securing application software?

A.            Install all of the latest patches.

B.            Harden the operating system.

C.            Configure application software using least privilege.

D.            Perform penetration tests to evaluate vulnerabilities.

4.            A____________is an attractive target because it is the primary client of Web applications.

5.            Why are ActiveX controls potential security risks?

A.            ActiveX controls can contain malware and run on the client.

B.            ActiveX controls can contain malware and run on the server.

C.            ActiveX controls require that you divulge sensitive authentication details.

D.            ActiveX controls are outdated and generally used by older Web applications.

6.            Enabling secure connections ensures e-mail messages are encrypted between sender and recipient.

A.            True

B.            False

7.            Which of the following is a simple step to make e-mail clients more secure?

A.            Use EFS/BitLocker to store e-mail messages on the server.

B.            Install third-party message encryption.

C.            Turn off message preview.

D.            Remove e-mail clients and use server-based e-mail access.

8.            Which of the following steps can increase the security of all application software?

A.            Install anti-malware software.

B.            Use whole disk encryption on client workstations.

C.            Run SCW on workstations.

D.            Require SSL/TIS for connections to a Web server.

9.            You use Windows server roles to configure each Windows server computer to perform only one task.

A.            True

B.            False

10.          A URL can contain commands the Web server will execute.

A.            True

B.            False

11.          How do you install IIS on a Windows Server 2008 R2 computer?

A.            Purchase IIS and install it.

B.            Download IIS for free and install it.

C.            Add the Web Server (IIS) role to a server.

D.            Install IIS from the Windows install DVD.

12.          A____________is any statement that accesses data in a database.

13.          __________________encrypts all data in a database without requiring user or application action.

14.          SQL injection attacks are possible only against popular Microsoft SQL Server databases.

A.            True

B.            False

15.          Is requiring secure connections between your Web server and your application server worth the overhead and administrative effort?

A.            No, because both the Web server and application server are inside your secure network.

B.            Yes, because your Web server is in the DMZ and is Internet-facing.

C.            No, because secure connections between high-volume servers can dramatically slow down both servers.

D.            Yes, because your application server is in the DMZ and is Internet-facing.