MIS 4600 FINAL Netsec- Questions and
Answers| Latest Update
1) If a hacker takes over an application program, he or she receives the permissions with which
the program runs. TRUE
2) The most popular way for hackers to take over hosts today is ________.
A) by taking over the operating system
B) by taking over an application
C) by guessing the root password
D) by taking over the user interface B
4) An attacker types more data in a field than the programmer expected. This is a(n) ________
attack.
A) denial-of-service
B) directory traversal
C) buffer overflow
D) XSS C
3) Operating system hardening is more total work than application hardening. FALSE
5) In a stack overflow attack, to where does the return address point?
A) To the beginning of the stack entry's data area
,B) To the end of the stack entry's data area
C) To the next command in the program being hacked
D) To the return address entry in the stack entry A
6) When executing attack code, if the attacker has skillfully overwritten the return address, the
return address will not point back to "data" in the buffer. FALSE
, A) Applications
B) Operating systems
C) Both are about equally time consuming to patch
D) None of the above A
8) Experts advise firms to turn on most or all applications and then harden them. FALSE
9) To prevent eavesdropping, applications should ________.
A) be updating regularly
B) use electronic signatures
C) use encryption for confidentiality
D) use encryption for authentication C
10) Generally speaking, vendors use similar mechanisms for downloading and installing patches.
FALSE
11) The first task in security is to understand the environment to be protected. TRUE
12) Baselines are used to go beyond default installation configurations for high-value targets.
TRUE
13) When securing application configuration settings, default password settings should not be
changed. FALSE
Answers| Latest Update
1) If a hacker takes over an application program, he or she receives the permissions with which
the program runs. TRUE
2) The most popular way for hackers to take over hosts today is ________.
A) by taking over the operating system
B) by taking over an application
C) by guessing the root password
D) by taking over the user interface B
4) An attacker types more data in a field than the programmer expected. This is a(n) ________
attack.
A) denial-of-service
B) directory traversal
C) buffer overflow
D) XSS C
3) Operating system hardening is more total work than application hardening. FALSE
5) In a stack overflow attack, to where does the return address point?
A) To the beginning of the stack entry's data area
,B) To the end of the stack entry's data area
C) To the next command in the program being hacked
D) To the return address entry in the stack entry A
6) When executing attack code, if the attacker has skillfully overwritten the return address, the
return address will not point back to "data" in the buffer. FALSE
, A) Applications
B) Operating systems
C) Both are about equally time consuming to patch
D) None of the above A
8) Experts advise firms to turn on most or all applications and then harden them. FALSE
9) To prevent eavesdropping, applications should ________.
A) be updating regularly
B) use electronic signatures
C) use encryption for confidentiality
D) use encryption for authentication C
10) Generally speaking, vendors use similar mechanisms for downloading and installing patches.
FALSE
11) The first task in security is to understand the environment to be protected. TRUE
12) Baselines are used to go beyond default installation configurations for high-value targets.
TRUE
13) When securing application configuration settings, default password settings should not be
changed. FALSE
