Shared Flashcard Set

Details

Security ch 17-18
34
Computer Science
Undergraduate 1
09/28/2013

Cards

Term
SSMTP uses TCP port
Definition
465
Term
HTTPS uses TCP port
Definition
443
Term
Which are the most common exploits used to hack into a system?
Definition
Buffer overflows
Term
The spiral model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration between self-organizing, cross-functional teams.
Definition
false
Term
What is used to compare program responses to known inputs and comparison of the output to desired output?
Definition
Use cases
Term
The terms RC4 and 3DES refer to
Definition
Encryption algorithms used to encrypt data
Term
Inlining is using an embedded control from another site, with or without the other site's permission.
Definition
true
Term
In the secure development lifecycle, employing use cases to compare program responses to known inputs, and then comparing the outputs to the desired outputs should take place in which phase?
Definition
testing phase
Term
Least privilege refers to removing all controls from a system.
Definition
false
Term
Which of the following in a browser guarantees perfect security?
Definition
There is no guarantee of perfect security.
Term
Errors found after development is complete are expensive.
Definition
true
Term
Fuzzing is a powerful tool used in testing code.
Definition
true
Term
Unvalidated input that changes the code functioning in an unintended way is which type of coding error?
Definition
injection
Term
With the RSA and Diffie-Hellman handshakes
Definition
Parameters are agreed upon and certificates and keys are exchanged.
Term
FTP encrypts traffic by default.
Definition
FALSE
Term
Generating true random numbers is a fairly trivial task.
Definition
FALSE
Term
What is the waterfall model characterized by?
Definition
c. A linear, multistep process
Term
Authenticode is used to encrypt program code so that it is more difficult for hackers to reverse engineer it.
Definition
FALSE
Term
Which of the following do not enhance the security of the browser?
Definition
Browser plug-ins
Term
Scoring the efforts to reduce the effects of threats occurs in which step of threat modeling?
Definition
Step 9-Determine and score mitigation
Term
Which is a 100% secure method to download applications from the Internet?
Definition
THERE IS NONE
Term
CVE provides security personnel with a common language to use when discussing vulnerabilities.
Definition
TRUE
Term
Using SSL protects your data from interception by devices such as key loggers.
Definition
FALSE
Term
HTTPS uses TCP port 443.
Definition
TRUE
Term
When the function of code is changed in an unintended way, it is an example of code injection.
Definition
TRUE
Term
Which is related to a code injection error?
Definition
SQL
Term
One way a user can feel confident that the code they are downloading is from a legitimate vendor and has not been modified is with the implementation of
Definition
Authenticode
Term
ActiveX refers to
Definition
a. A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet
Term
The Open Vulnerability and Assessment Language (OVAL) ___________.
Definition
Is an XML framework for describing vulnerabilities
Term
Creating a graphical representation of the required elements for an attack vector occurs in which step of Threat Modeling?
Definition
Step 8-Create threat trees
Term
What is the one item that could be labeled as the "most wanted" item in coding security?
Definition
d. Buffer overflow
Term
Common Gateway Interface (CGI) security issues include
Definition
a. Poorly configured CGIs can crash when users input unexpected data.
Term
In the secure development lifecycle, in which phase should minimizing the attack surface area take place?
Definition
DESIGN PHASE
Term
The specific security needs of a program being developed should be defined in the design phase of the secure development lifecycle.
Definition
FALSE