CHAPTER 12 ASSESSMENT

  1. The main focus when securing application software is confidentiality.

    1. True

    2. False

  2. Which type of application attack attempts to add more authority to the current process?

    1. Privilege spoofing

    2. Identity escalation

    3. Privilege escalation

    4. Identity spoofing

  3. Which of the following is the best first step in securing application software?

    1. Install all of the latest patches.

    2. Harden the operating system.

    3. Configure application software using least privilege.

    4. Perform penetration tests to evaluate vulnerabilities.

  4. A ________ is an attractive target because it is the primary client of web applications.

  5. Why does JavaScript pose potential security risks?

    1. JavaScript can contain malware and run on the client.

    2. JavaScript can contain malware and run on the server.

    3. JavaScript requires that you divulge sensitive authentication details.

    4. JavaScript is outdated and generally used by older web applications.

  6. Enabling secure connections ensures email messages are encrypted between sender and recipient.

    1. True

    2. False

  7. Which of the following is a simple step to make email clients more secure?

    1. Use EFS/BitLocker to store email messages on the server.

    2. Install third-party message encryption.

    3. Turn off message preview.

    4. Remove email clients and use server-based email access.

  8. Which of the following steps can increase the security of all application software?

    1. Install anti-malware software.

    2. Use whole disk encryption on client workstations.

    3. Run SCT on workstations.

    4. Require SSL/TLS for connections to a web server.

  9. You use Windows server roles to configure each Windows server computer to perform only one task.

    1. True

    2. False

  10. A URL can contain commands the web server will execute.

    1. True

    2. False

  11. How do you install IIS on a Windows Server computer?

    1. Purchase IIS and install it.

    2. Download IIS for free and install it.

    3. Add the Web Server (IIS) role to a server.

    4. Install IIS from the Windows install DVD.

  12. A ________ is any statement that accesses data in a database.

  13. ________ encrypts all data in a database without requiring user or application action.

  14. SQL injection attacks are possible only against popular Microsoft SQL Server databases.

    1. True

    2. False

  15. Is requiring secure connections between your web server and your application server worth the overhead and administrative effort?

    1. No, because both the web server and application server are inside your secure network.

    2. Yes, because your web server is in the demilitarized zone (DMZ) and is Internet-facing.

    3. No, because secure connections between high-volume servers can dramatically slow down both servers.

    4. Yes, because your application server is in the DMZ and is Internet-facing.
