Cyber treat Week4

School: Grand Rapids Community College
Course: CYBER SECU
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 10
Uploaded by: ConstableWildcatMaster401
Congratulations! You passed!
Grade received: 100% (latest submission grade: 100%; to pass: 80% or higher)

1. Question 1
True or False. A security architect's job is to make sure that security considerations are balanced against other design aspects such as usability, resilience and cost.
1 / 1 point
- True
- FALSE
Feedback: Correct!

2. Question 2
Which of these is an aspect of an Enterprise Architecture?
1 / 1 point
- Maps the main components of a problem space and solution at a very high level.
- Gives the technology perspectives in detail
- Describes how specific products or technologies are used
- Shows the internal data and use of reusable or off-the-shelf components
Feedback: Correct!

3. Question 3
Which of these is an aspect of a Solution Architecture?
1 / 1 point
- Does not describe the internals of the main components or how they will be implemented
- Shows the internal data and use of reusable or off-the-shelf components
- Considers the needs of the entire organization
- Maps the main components of a problem space and solution at a very high level
Feedback: Correct!

4. Question 4
Which three (3) of these are features of Architecture Building Blocks (ABBs)? (Select 3)
1 / 1 point
- Product and vendor neutral (Feedback: Partially correct!)
- Specifies the technical components to implement a function
- Guides the development of a Solution Architecture (Feedback: Partially correct!)
- Captures and defines requirements such as function, data, and application (Feedback: Partially correct!)

5. Question 5
Which three (3) of these are Architecture Building Blocks (ABBs)? (Select 3)
1 / 1 point
- Identity and Access Management (Feedback: Partially correct!)
- Key Security Manager
- Infrastructure and Endpoint Security (Feedback: Partially correct!)
- Detect and Respond (Feedback: Partially correct!)

6. Question 6
Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)
1 / 1 point
- Web Application Firewall (WAF) (Feedback: Partially correct!)
- Privilege Access Manager (Feedback: Partially correct!)
- Hardware Token (Feedback: Partially correct!)
- Application Security

7. Question 7
The diagram below shows which level of architecture?
[Diagram not included in this copy.]
1 / 1 point
- High Level Security Architecture
- Enterprise Security Architecture
- Domain-specific Enterprise Security Architecture
- Solution Architecture
Feedback: Correct!

8. Question 8
Solution architectures often contain diagrams like the one below. What does this diagram show?
[Diagram not included in this copy.]
1 / 1 point
- Functional components and data flow
- Enterprise architecture
- Solution architecture overview
- External context and boundary diagram
Feedback: Correct!

9. Question 9
Solution architectures often contain diagrams like the one below. What does this diagram show?
[Diagram not included in this copy.]
1 / 1 point
- Functional components and data flow
- Enterprise architecture
- External context and boundary diagram
- Architecture overview
Feedback: Correct!

10. Question 10
What is lacking in a security architecture pattern that prevents it from being used as a finished design?
1 / 1 point
- The context of the project at hand
- Proper level of abstraction
- Vendor selections
- Proper formatting
Feedback: Correct!

11. Question 11
What are the possible consequences if a bug in your application becomes known?
1 / 1 point
- It is embarrassing to your company
- Financial losses via lawsuits and fines can be very significant
- Government agencies can impose fines and other sanctions against your company
- All of the above
Feedback: Correct!

12. Question 12
What was the ultimate consequence to Target Stores in the United States from their 2013 data breach in which over 100M records were stolen?
1 / 1 point
- Costs and fines estimated at $1B.
- Costs and fines that forced the company into bankruptcy
- Criminal negligence charges were filed against 3 Target executives, 1 of whom received a prison sentence
- Costs of $10M and reputational damage only.
Feedback: Correct!

13. Question 13
Select the two (2) top vulnerabilities found in common security products. (Select 2)
1 / 1 point
- Use of hard-coded credentials
- Cross-site request forgery (Feedback: Partially correct!)
- Cross-site scripting (Feedback: Partially correct!)
- SQL Injection

14. Question 14
True or False. If you can isolate your product from the Internet, it is safe from being hacked.
1 / 1 point
- True
- False
Feedback: Correct!

15. Question 15
Which three (3) things can Cross-site scripting be used for? (Select 3)
1 / 1 point
- Harvest credentials (Feedback: Partially correct!)
- Take over sessions (Feedback: Partially correct!)
- Steal cookies (Feedback: Partially correct!)
- Break encryption

16. Question 16
True or False. Commonly a Reflected XSS attack is sent as part of an email or a malicious link and affects only the user who receives the email or link.
1 / 1 point
- True
- False
Feedback: Correct!

17. Question 17
Cross-site scripting attacks can be minimized by using HTML and URL encoding. How would a browser display this string?: &lt;b&gt;Password&lt;/b&gt;
1 / 1 point
- <<Password>>
- &lt;b&gt;Password&lt;/b&gt;
- Password
- <b>Password</b>
Feedback: Correct!

18. Question 18
Which three (3) statements about whitelisting user input are true? (Select 3)
1 / 1 point
- Single quotes should never be allowed as user input
- Special characters should only be allowed on an exception basis (Feedback: Partially correct!)
- Whenever possible, input should be whitelisted to alphanumeric values to prevent XSS (Feedback: Partially correct!)
- Whitelisting reduces the attack surface to a known quantity (Feedback: Partially correct!)

19. Question 19
Which two (2) statements are considered good practice for avoiding XSS attacks? (Select 2)
1 / 1 point
- Use strict whitelists on accepting input (Feedback: Partially correct!)
- Develop your own validation or encoding functionality that is customized for your application
- Encode all data output as part of HTML and JavaScript (Feedback: Partially correct!)
- Use blacklists and client-side validation

20. Question 20
How would you classify a hacktivist group who thinks that your company's stance on climate change threatens the survival of the planet?
1 / 1 point
- A threat
- A vector
- A risk
- A vulnerability
Feedback: Correct!

21. Question 21
Which software development lifecycle is characterized by short bursts of analysis, design, coding and testing during a series of 1 to 4 week sprints?
1 / 1 point
- Agile and Scrum
- Iterative
- Spiral
- Waterfall
Feedback: Correct!

22. Question 22
Which software development lifecycle is characterized by a series of cycles and an emphasis on security?
1 / 1 point
- Waterfall
- Iterative
- Spiral
- Agile and Scrum
Feedback: Correct!

23. Question 23
Which form of penetration testing allows the testers no knowledge of the systems they are trying to penetrate in advance of their attack, to simulate an external attack by hackers with no knowledge of an organization's systems?
1 / 1 point
- Black Box Testing
- Gray Box Testing
- Red Box Testing
- White Box testing
Feedback: Correct!

24. Question 24
Which application testing method requires a URL to the application, is quick and cheap but also produces the most false-positive results?
1 / 1 point
- IAST: Interactive Application Security Testing
- PAST: Passive Application Security Testing
- SAST: Static Application Security Testing
- DAST: Dynamic Security Application Testing
Feedback: Correct!

25. Question 25
Which type of application attack would include buffer overflow, cross-site scripting, and SQL injection?
1 / 1 point
- Authentication
- Authorization
- Input validation
- Configuration management
Feedback: Correct!

26. Question 26
Which type of application attack would include unauthorized access to configuration stores, unauthorized access to administration interfaces and over-privileged process and service accounts?
1 / 1 point
- Auditing and logging
- Authentication
- Exception management
- Configuration management
Feedback: Correct!

27. Question 27
Which one of the OWASP Top 10 Application Security Risks would occur when authentication and session management functions are implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens?
1 / 1 point
- Broken access control
- Broken authentication
- XML external entities (XXE)
- Sensitive data exposure
Feedback: Correct!

28. Question 28
Which one of the OWASP Top 10 Application Security Risks would occur when restrictions on what a user is allowed to do are not properly enforced?
1 / 1 point
- Insecure deserialization
- Broken access control
- Cross-site scripting
- Security misconfiguration
Feedback: Correct!

29. Question 29
Which of these threat modeling methodologies is integrated seamlessly into an Agile development methodology?
1 / 1 point
- P.A.S.T.A.
- TRIKE
- VAST
- STRIDE
Feedback: Correct!

30. Question 30
Security standards do not have the force of law but security regulations do. Which one of these is a security regulation?
1 / 1 point
- NIST 800-53
- ISO 27034/24772
- PCI-DSS
- HIPAA
Feedback: Correct!

31. Question 31
Which phase of DevSecOps would contain the activities Secure application code, Secure infrastructure configuration, and OSS/COTS validation?
1 / 1 point
- Release, deploy & decommission
- Code & build
- Plan
- Test
- Operate & monitor
Feedback: Correct!

32. Question 32
Which phase of DevSecOps would contain the activities Detect & Visualize, Respond, and Recover?
1 / 1 point
- Operate & monitor
- Plan
- Test
- Release, deploy & decommission
- Code & build
Feedback: Correct!

33. Question 33
The Deploy step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
1 / 1 point
- IAM controls to regulate authorization
- Data backup cleansing
- Versioning of infrastructure
- Creation of Immutable images
Feedback: Correct!

34.
Question 34
The Respond step in the DevSecOps Operate & Monitor phase contains which of these activities?
1 / 1 point
- Inventory
- Chaos engineering
- Virtual Patching
- Root Cause Analysis
Feedback: Correct!