MSIT 3150 - Quiz 5

School: Clark University
Course: 3150
Subject: Computer Science
Date: Jan 9, 2024
Uploaded by PrivateMorning9896

Question 1 (1 / 1 pts)
An advantage of dividing up systems into smaller components, or modules, is that you can manage their attack surfaces separately.
  Correct! True
  False

Question 2 (1 / 1 pts)
If phf was used, by appending an encoded newline plus a shell command to an input field, an attacker can get the command executed by the web server.
  Correct! True
  False

Question 3 (1 / 1 pts)
A larger attack surface means it is more likely ______ to exploit & more damage
  Correct! easier
  harder
  impossible
  unknown

Question 4 (0 / 1 pts)
What should a defender do to protect their systems? (choose 2)
  Correct! make attack surface as small as possible
  Correct Answer: make sure you know every system entry point
  make sure no documentation is published
  use only COTS software because security is guaranteed
  You Answered: disconnect all services from the internet when not in use

Question 5 (0 / 1 pts)
Which of the following is NOT considered a source of input?
  command line
  file contents
  web-based application processes (URL, POST)
  Correct Answer: All of the above are sources of input
  You Answered: None of the above are sources of input

Question 6 (1 / 1 pts)
If a user were to enter the following in the Windows command prompt, what would "google.com" be considered?
c:\> ping google.com
  Correct! an argument
  a network device
  a command
  an option

Question 7 (1 / 1 pts)
How do we make certain that attackers cannot bypass input validation checking? (select the 3 most reasonable answers)
  disallow all input
  Correct! identify all input channels
  Correct! check all inputs from untrusted sources
  Correct! check input as soon as possible
  rely on client side checking as much as possible (ie: javascript)

Question 8 (0 / 1 pts)
Although it is more taxing, all security-relevant checking should be done at the server level (as opposed to the client level).
  Correct Answer: True
  You Answered: False

Question 9 (1 / 1 pts)
When creating rules to validate input, it is preferred to use a ____________ for security purposes.
  Correct! whitelist
  blacklist
  dictionary
  template
  report

Question 10 (0 / 1 pts)
You should perform input validation ___________ .
  Correct Answer: after decoding
  You Answered: before decoding
  at the same time as decoding
  never
  when most convenient

Question 11 (1 / 1 pts)
When validating numbers, what are steps that should be taken? (Select 4)
  Correct! check value after converting to a number
  Correct! check for minimum and max values
  Correct! verify all values are in an acceptable range
  Correct! be cautious of weird cases such as NaN, -0, infinity
  convert all numbers to a text type
  always use an integer type

Question 12 (1 / 1 pts)
A limitation of the ASCII character set is that it cannot represent most languages (other than English), which is why Unicode is recommended.
  Correct! True
  False

Question 13 (1 / 1 pts)
Visual spoofing is potentially dangerous because two different strings could be mistaken as the same by a user.
  Correct! True
  False

Question 14 (1 / 1 pts)
______________ is a language for defining patterns of text and is helpful when validating inputs.
  Correct! regular expressions
  normalized expressions
  intrinsic expressions
  extrinsic expressions
  a Rosetta Stone

Question 15 (1 / 1 pts)
What are some ways to mitigate the risk of metacharacters (*, ?, !, etc) being used as malicious input? (select 3)
  Correct! escaping functions
  Correct! where possible, define input rules that omit metacharacters
  Correct! utilize prepared statements
  tell users the input is invalid and not to use them