What protocol should be used when transferring confidential data in a Web application

Module 8 final exam

Question 1 (1 point)

What protocol should be used when transferring confidential data in a Web application?

Question 1 options:

HTTP

SMTP

FTP

HTTPS

Question 2 (1 point)

An online merchant that experiences a security breach and found not to be in compliance with PCI DSS can:

Question 2 options:

all of the above.

suffer monetary loss.

lose their reputation.

have lawsuits directed against them.

Question 3 (1 point)

What does XSS exploit in a Web application?

Question 3 options:

Buffer overflows

Invalidated user input

Misconfigured servers

Weak accountability

Question 4 (1 point)

What is the first step when performing a Web site security assessment?

Question 4 options:

Identify the components that make up the Web site.

Perform penetration testing to discover vulnerabilities.

Test forms for input validation.

Attempt to escalate privileges on the Web site.

Question 5 (1 point)

When using an endpoint device, for which type of communication do you need to install software to encrypt communications?

Question 5 options:

E-mail

Cellular voice

Internet browsing

Instant messaging/chat

Question 6 (1 point)

An extension of SMS that allows a user to send and receive multimedia is called __________.

Question 6 options:

VMS

LMS

BMS

MMS

Question 7 (1 point)

Which Web technology allows a Web application’s logged-on users to use the application continuously without having to log in each time a page is refreshed?

Question 7 options:

Session management

HTTP management

Elevation of privileges

Fault tolerance

Question 8 (1 point)

The central router or switching device for handling telephone traffic is referred to as __________.

Question 8 options:

PBX

TSX

TRX

PTX

Question 9 (1 point)

Which of the following merchant levels must scan the networks at least quarterly to be in compliance with PCI DSS?

Question 9 options:

Level 3 (20,000 to 1 million transactions a year)

Level 2 (1 million to 6 million transactions a year)

All merchants, no matter the size, must scan at least quarterly

Level 1 (more than 6 million transactions a year)

Question 10 (1 point)

Which of the following is not considered a best practice for improving the security of a mobile device?

Question 10 options:

Install or enable a firewall.

Ensure the browser supports SSL.

Install or enable anti-malware functionality.

Disable the encryption feature.

Question 11 (1 point)

Which of the following can help you pinpoint problems with an e-commerce site?

Question 11 options:

All of the above

Visitor paths

Shopping cart abandonment statistics

Bounce rate

Question 12 (1 point)

An e-commerce Web site that processes credit cards must comply with:

Question 12 options:

PCI DSS

HIPAA

Federal regulations

World Wide Web consortium standards

Question 13 (1 point)

You are designing a Web site that showcases and sells fine jewelry. Which of the following will be the most useful to your visitors?

Question 13 options:

A call to action

A link to the About Us tab

Clear images

A benefits statement

Question 14 (1 point)

What is a markup language that uses code for formatting a Web site within a text file?

Question 14 options:

SSL

HTTP

TCP/IP

HTML

Question 15 (1 point)

After deploying a Web site application in a production environment, which of the following requires the quickest response time by developers?

Question 15 options:

Responding to a security breach

Responding to user feedback regarding a usability suggestion

Enhancing features

Responding to intermittent error messages about a resource limitation

Question 16 (1 point)

Consider a person who logs into a Web site with a username and password. Which process allows the user access based upon correct credentials?

Question 16 options:

Authorization

Authentication

Accountability

Auditing

Question 17 (1 point)

What is the secure version of Hypertext Transfer Protocol?

Question 17 options:

SFTP

HTTPS

SSH

E-HTTP

Question 18 (1 point)

Which of the following is not an example of store-and-forward communication?

Question 18 options:

Voice mail

A message on Facebook

Presence/availability

E-mail

Question 19 (1 point)

What is generally not a best practice for implementing VoIP?

Question 19 options:

Patch systems and keep antivirus software up to date.

Use VLANs to protect and prioritize VoIP traffic.

Do not use VPNs.

Segregate traffic from data network.

Question 20 (1 point)

Which of the following is a best practice for performing a security assessment and vulnerability scan?

Question 20 options:

Ensuring that system administrators are unaware of the planned attacks.

Using multiple tools for the same function.

Hiring a black-hat hacker to perform the planned attacks.

Ignoring authenticated testing and relying on non-authenticated scans.

Question 21 (1 point)

Which of the following techniques is recommended for VoIP traffic to avoid attacks on the data network?

Question 21 options:

Use an IDS.

Purchase a different domain name for the IP address use.

Use VLANs.

Disallow network traffic from the firewall.

Question 22 (1 point)

Which phase of a Web security assessment involves conducting fingerprinting to help identify the components of the Web site platform?

Question 22 options:

Penetration

Enumeration

Report

Attack

Question 23 (1 point)

Which of the following statements best describes bounce rate?

Question 23 options:

The rate of single-page visits to the Web site

The rate of users who reload the Web page

The rate of users who have server reset timeouts

The rate of users who have experienced an error message

Question 24 (1 point)

During which aspect of a multimedia connection does SIP discover and detect the user to be reached?

Question 24 options:

User capabilities

User location

User availability

Session setup

Question 25 (1 point)

Which of the following is not one of the twelve requirements for PCI DSS compliance?

Question 25 options:

Regularly test security systems and processes.

Maintain a policy that addresses security for employees and contractors.

Track and monitor all access to network resources and cardholder data.

Never store any of the cardholder’s information in a database or other storage mechanism.

Question 26 (1 point)

Your company is preparing to launch an SQL database with a custom front-end interface. You are working with the development team on protection strategies. Of the following, which is the best choice for protecting your new SQL database and its contents?

Question 26 options:

Allow only administrative accounts to access the database.

Duplicate data within the database for redundancy purposes.

Use input validation.

Use many different and detailed error messages so that users can be exact when reporting problems to tech support.

Question 27 (1 point)

How are dynamic Web applications that accept user input susceptible to insecure coding practices?

Question 27 options:

Developers can fail to properly validate input on the client side.

User data can be authenticated but not validated.

Encrypted user connections expose programming security holes.

Developers can fail to properly validate data on the server side.

Question 28 (1 point)

Consider a person who logs into a Web site with a username and password. Which process tracks mechanisms used to keep a record of events on the system?

Question 28 options:

Authorization

Auditing

Accountability

Authentication

Question 29 (1 point)

What is the primary purpose of the headline on a Web page?

Question 29 options:

To attract visitors’ attention and entice them to keep reading

To tell your visitors what to do on your Web site

To ensure a higher SEO ranking

To show how your product or service solves an immediate problem

Question 30 (1 point)

You suspect that visitors are having difficulties navigating your Web site. Which Web site analytic statistic can help you determine if this is true?

Question 30 options:

Network performance

Shopping cart abandonment

Visitor location

Visitor path
