The Open Vulnerability and Assessment Language (OVAL)


Which of the following URL segments signifies that it is secure for transmission over the Internet?
- wwws
- https
- shtml
- aspx

 

·         https

 

The Open Vulnerability and Assessment Language (OVAL) ___________.
- Is an XML framework for describing vulnerabilities
- Is a framework for UDDI data structures to be passed between applications in a language-neutral and platform-independent fashion
- Is used by web browsers to block harmful java scripts from executing on a system
- Is used by a web browser to clean cookies and spyware off the system hard drive

 

·         Is an XML framework for describing vulnerabilities

 

With the RSA and Diffie-Hellman handshakes
- The server and the client agree on what type of browser to use.
- Parameters are agreed upon and certificates and keys are exchanged.
- Parameters are agreed upon so that java scripts cannot execute inside the client system.
- Office applications are able to e-mail secure documents.

 

·         Parameters are agreed upon and certificates and keys are exchanged.

 

The terms RC4 and 3DES refer to
- Protocols used by servers to create dynamic websites
- Encryption algorithms used to encrypt data
- Protocols used to create directories for web services
- Classes of XML protocols used for web services

 

·         Encryption algorithms used to encrypt data

 

The SFTP protocol incorporates what into FTP?
- SSL
- Secure java scripting
- 28 bit encryption key
- the TCP protocol

 

·         SSL

 

Which of the following in a browser guarantees perfect security?
- SSL/TLS
- SSH
- Secure java scripting
- There is no guarantee of perfect security.

 

·         There is no guarantee of perfect security

 

Which is the most common exploit used to hack into a system?
- Buffer overflows
- Birthday attacks
- Weak key attacks
- Man-in-the-middle attacks

 

·         Buffer overflows

 

A buffer overflow can best be described as

- A hacker who makes a website that has more content than the browser can handle
- A hacker who sends more data than is expected in an attempt to overwrite legitimate memory
- A hacker who uses an e-mail virus to format the hard drive with junk code
- A hacker who sends repeated requests for information from a server in an attempt to crash the server

 

·         A hacker who sends more data than is expected in an attempt to overwrite legitimate memory

 

Running Java applets from the Web on your system is considered
- A security risk
- Not risky
- Somewhat secure
- Very secure

 

·         A security risk

 

ActiveX refers to
- A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet
- A library of security protocols for Microsoft's Internet Explorer
- A patch to fix a vulnerability that hackers exploit where the user downloads an MP3 file and the buffers of the sound card are overwritten
- A method of blocking java scripts that come from non-Microsoft web sites

 

·         A collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over the Internet

 

Common Gateway Interface (CGI) security issues include
- Poorly configured CGIs can crash when users input unexpected data.
- CGI can only be programmed in one insecure language.
- CGI can only perform one process at a time making it very susceptible to denial of service attacks.
- CGI will only work with Internet Explorer

 

·         Poorly configured CGIs can crash when users input unexpected data

 

Which is more secure?
- Common Gateway Interface (CGI)
- Server side scripting
- Third-party scripting
- All are equally secure

 

·         Server side scripting

 

TCP Ports 989 and 990 are associated with what application?
- SSL/TLS 3.0
- SPOP3
- SFTP
- FTPS

 

·         FTPS

 

Which is a 100% secure method to download applications from the Internet?

- Signed applets
- SSH
- HTTPS
- There is none.

 

·         There is none

 

Which of the following does not enhance the security of the browser?

- Browser plug-ins
- Patches
- Disabling JavaScript
- Rejecting cookies

 

·         Browser plug-ins

 

One way a user can feel confident that the code they are downloading is from a legitimate vendor and has not been modified is with the implementation of
- SSL
- Authenticode
- SFTP
- HTTPS

 

·         Authenticode

 

The protocol that provides a method for the transfer of files, both to and from a server is
- Telnet
- SSH
- SNMP
- FTP

 

·         FTP

 

Your boss would like you to make company files available to the general public, but does not want you to have to create user accounts for anyone that would want access to the file transfer. In this case you should use
- FTP
- Blind FTP
- SFTP
- FTPS

 

·         Blind FTP

 

SSMTP uses TCP port

- 25
- 110
- 465
- 456

 

·         465

 

HTTPS uses TCP port
- 433
- 443
- 344
- 434

 

·         443

 
