
CMGT 431 Week 2 Individual Assignment Applying Software Threat Analysis and Mitigation


Complete the review quizzes at the end of chapters 3 and 4.

Chapter 3 Review Questions
1. A media player that is running within a web browser is known as a(n):
a. Agent
b. Mashup
c. Applet
d. Script
2. The chief advantage of web-based applications is:
a. Client-side software updates are unnecessary
b. Built-in SSL encryption
c. Ease of use
d. Better security
3. Enterprise Java Bean, Distributed Component Object Model, and Java Remote Method Invocation are examples of:
a. Object request brokers
b. Object oriented frameworks
c. Object oriented languages
d. Distributed systems
4. An attacker is experimenting with an application by inserting long strings of machine language code in the application’s input fields. The attacker is attempting:
a. A Denial of Service attack
b. A buffer overflow attack
c. A stack smashing attack
d. Any of the above
5. A risk manager requires that his organization implement a control to prevent application attacks. The best solution is to use:
a. Multitier architecture
b. Code reviews
c. An application vulnerability scanner
d. An application firewall
6. An astute security engineer has discovered that two accomplices are communicating with each other via hidden messages within images on a blogsite. The security engineer has discovered:
a. Emanations
b. A side channel attack
c. A covert channel
d. Steganography
7. Rootkits can be difficult to discover because:
a. They subvert the operating system
b. They install themselves in master boot records (MBRs)
c. They install themselves in flash memory
d. They use hidden processes
8. The purpose of a bot army is:
a. To launch Denial of Service attacks
b. To relay spam, host phishing sites, or launch Denial of Service attacks
c. To remotely control zombie computers
d. To build a massively parallel system
9. An IT manager is considering an anti-spam solution. Because one of the primary concerns is e-mail server performance, which solution can be eliminated from consideration?
a. Appliance
b. Outsourced
c. Server-based
d. Client-based
10. Web beacons are an effective site usage tracker because:
a. They use hidden form variables
b. Browsers cannot detect them
c. Browsers do not block them
d. They are encrypted
11. The most effective countermeasure for malware is:
a. Rootkit detection
b. Decreasing user privilege levels
c. Anti-virus
d. Firewalls
12. The primary purpose for decreasing user privilege levels is:
a. To reduce support costs
b. To limit the effects of malware
c. To improve system performance
d. All of the above
13. Which of the following is NOT normally used in system hardening:
a. Changing TCP/IP parameters
b. Removing unnecessary services
c. Removing unnecessary NICs
d. Renaming administrator user IDs
14. The purpose of input field filtering is:
a. To prevent input injection attacks
b. To detect application scanning
c. To prevent SQL injection attacks
d. To detect unsafe code
15. The best time to develop application test plans is:
a. During requirements and specifications development
b. During application design
c. During application testing
d. During application coding
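Question 14 above asks about input field filtering and SQL injection. The following Python code is an added example for this assignment page, not material from the textbook or the course; it runs a lookup against an in-memory SQLite database seeded with constructed sample rows, first with user input concatenated into the statement (deliberately vulnerable) and then with an allowlist filter in front of a parameterized query. The table name, column names, sample users and the username pattern are all assumptions chosen for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for this example only (assumption, not real accounts).
SEED_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]

# Allowlist for the username field: lowercase letters, digits, underscore, 1-32 chars.
# This is the "input field filtering" the review question refers to; the pattern
# itself is an assumption for the demo.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Build an in-memory database with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the field value is spliced into the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def is_valid_username(value):
    """Allowlist check: True only if the value matches the expected shape."""
    return bool(USERNAME_RE.fullmatch(value))


def lookup_safe(conn, username):
    """Hardened: reject anything outside the allowlist, then bind the value
    as a parameter so the database never interprets it as SQL."""
    if not is_valid_username(username):
        raise ValueError("rejected username: %r" % username)
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a classic tautology payload and a legitimate name."""
    conn = make_db()
    payload = "x' OR '1'='1"          # turns the WHERE clause into 'always true'

    leaked = lookup_vulnerable(conn, payload)   # every row comes back

    try:
        lookup_safe(conn, payload)
        filter_blocked = False
    except ValueError:
        filter_blocked = True                   # allowlist stops it before the query

    # Parameter binding alone also neutralizes the payload: it is matched as a
    # literal username, which does not exist.
    param_only = conn.execute(
        "SELECT username FROM users WHERE username = ?", (payload,)
    ).fetchall()

    return {
        "leaked_rows": len(leaked),
        "filter_blocked": filter_blocked,
        "param_only_rows": len(param_only),
        "legit": lookup_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The two defenses are layered on purpose: the allowlist rejects malformed input at the boundary (and gives you a clean place to log attempted injection), while parameter binding guarantees that even input that slips past a filter cannot change the structure of the query.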

Chapter 4 Review Questions
1. The purpose of a Business Impact Analysis (BIA) is to determine:
a. The impact of a disaster
b. The extent of damage in a disaster
c. Which business processes are the most critical
d. Which processes depend on IT systems
2. During the early phases of a disaster recovery project, the project team needs to identify the disaster scenarios that can jeopardize the ongoing viability of the organization. The team should perform:
a. A business impact analysis
b. A threat analysis
c. A walkthrough test
d. A failover test
3. Maximum Tolerable Downtime (MTD) should be determined by:
a. The project manager
b. The risk manager
c. Senior management
d. The threat modeling tool
4. Recovery Time Objective (RTO) is defined as:
a. The maximum length of time that a business process will be unavailable during a disaster
b. The maximum amount of data loss during a disaster
c. The point-in-time when a recovery is initiated after a disaster
d. The maximum period of time that a business can tolerate downtime during a disaster
5. Recovery Point Objective (RPO) is defined as:
a. The maximum length of time that a business process will be unavailable during a disaster
b. The maximum amount of data loss during a disaster
c. The point-in-time when a recovery is initiated after a disaster
d. The maximum point in time that a business can tolerate downtime during a disaster
6. The purpose of a criticality analysis is:
a. Develop a rank ordered list of the most critical threats
b. Develop a rank ordered list of the most critical business processes
c. Develop a rank ordered list of the most critical vulnerabilities
d. Develop a rank ordered list of the most critical staff
7. Because of limited resources, Company A cannot develop disaster recovery plans for all of its processes. What should Company A use to determine which processes require recovery plans?
a. Those that are ranked highest in the criticality analysis
b. Those with the lowest MTD values
c. Those with the highest MTD values
d. Those that are ranked lowest in the criticality analysis
8. Which should be protected first during a disaster:
a. Critical business records
b. Critical systems
c. Backup media for critical systems
d. Personnel
9. The purpose of a UPS is:
a. Filter electric power created by an electric generator
b. Delivery of critical supplies during a disaster
c. Protection of electric generators during a power failure
d. Continuous electric power during a power failure
10. Over a period of several years, an organization has exceeded the capacity of its emergency electric generator. The organization should:
a. Increase UPS capacity to make up the difference
b. Purchase a larger generator that can handle the entire workload
c. Purchase an additional generator so that the old and new generators together will generate enough power
d. Decrease UPS capacity to make up the difference
11. An organization is experiencing a large number of spikes, surges, and noise on its incoming electric power. The organization should consider:
a. An electric generator
b. An uninterruptible power supply (UPS)
c. A line conditioner
d. A power distribution unit
12. An organization has just completed development of a disaster recovery plan. The first test of the plan that should be performed is:
a. Parallel
b. Simulation
c. Walkthrough
d. Cutover
13. A company has determined that its Recovery Time Objective (RTO) for a critical system is three minutes. In order to ensure the continuous availability of its critical systems, the company should consider:
a. An active-passive geographic server cluster
b. An active-active local server cluster
c. An active-passive local server cluster
d. An active-active geographic server cluster
14. A company has determined that its Recovery Time Objective (RTO) for critical systems is two hours. In order to facilitate a timely resumption of critical applications, the company should consider:
a. Data replication to servers in a hot site
b. Data replication to servers in a warm site
c. Clustered servers
d. Disk to disk backup
15. The risk associated with a cutover test is:
a. A failure will result in a service interruption
b. A failure will result in data loss
c. A failure will result in data corruption
d. Adverse publicity