Cyber-Security: Chapter 10
This flashcard deck covers key concepts and questions related to cyber-security, specifically focusing on application security, web server vulnerabilities, and database connections.
Term | Definition |
---|---|
What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it? | input validation |
The AccessFileName directive in Apache, along with a configuration file (such as .htaccess), can be used to perform which of the following on a Web site? | Restrict directory access to those with authorized user credentials. |
Which of the following is an alternative term used when referring to Application Security? | AppSec |
Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers? | SQLOLEDB |
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input? | injection |
What tag is used to indicate ASP code? | <% %> |
What is the specific act of checking a user’s privileges to understand if they should or should not have access to a page, field, resource, or action in an application? | authorization |
HTML Web pages containing connection strings are more vulnerable to attack. True or False? | True |
Web servers use which of the following elements in an HTML document to allow an individual to submit information to the Web server? | |
Entering the value OR 1=1 in a Web application that has an “Enter Your PIN” field is most likely an example of which attack? | SQL injection |
If a Web server isn’t protected, an attacker can gain access through remote administration interfaces. True or False? | True |
OLE DB relies on connection strings that enable the application to access the data stored on an external device. | True |
Which of the following can be used to connect a Web server to a back-end database server? (Choose all that apply.) | OLE DB |
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser? | cgi-bin |
Which of the following vulnerabilities occur when untrusted data is accepted as input to an application without being properly validated? | injection vulnerability |
Adobe System’s ColdFusion uses its proprietary tags, which are written in which of the following languages? | CFML |
CGI is used in Microsoft ASP pages. True or False? | False |
Which of the following application tests analyzes an application’s source code for vulnerabilities, and is therefore only possible when the source code of an application is available? | Static Application Security Testing |
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN. | True |
Which specific type of tag do all CFML tags begin with? | CF |
Which JavaScript function is a “method” or sequence of statements that perform a routine or task? | getElementById() |
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)? | OLE DB |
A user can view the source code of a PHP file by using their Web browser’s tools. | False |
IIS is used on more than twice as many Web servers as Apache Web Server. True or False? | False |
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities? | Microsoft Security Bulletin |
What is authorization testing? | Testing an application's access control mechanisms to ensure only users who should have access to resources do |
An HTML Web page containing ASP code must be compiled before running. True or False? | False |
Which of the following is an open-source technology for creating dynamic HTML Web pages? | PHP |
Which of the following is the interface that determines how a Web server passes data to a Web browser? | CGI |