User Account

All Pages

How to avoid sql injection

Assignment Help Management Information Sys
Reference no: EM131314948

Foundations of Information Security and Assurance Assignment

Part 1: True and False Questions.

1. A one-time pad is a safe house used only once by an undercover agent.  

2. AES uses the Indirect-Rijndael algorithm.

3. A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.         

4. In terms of privacy laws, companies have no advantage over the government in terms of the types of data that a company can collect. Public companies and governments are subject to the same laws and statues (i.e. HIPPA and GLBA) regarding data collection.

5. Consider data that is stored over time in a mandatory access control based system. The contents of files containing highly classified ("top secret") information are not necessarily more trustworthy than material stored in files marked unclassified.

6. 3DES (Triple DES) requires the use of three independent keys.

7. Deleting the browsing history and cookies in a computer system can completely delete the recently visited sites.  

8. A Denial-of-Service attack does not require the attacker to penetrate the target's security defenses.  

9. The biggest advantage of public-key cryptography over secret-key cryptography is in the area of key management/key distribution.

10. Packet filters protect networks by blocking packets based on the packets' contents.  

Part 2:  Multiple Choice Questions. 

1. Methods to avoid SQL injection include which of the following:

a. Providing functions to escape special characters.

b. Built-in functions that strip input of dangerous characters.

c. Techniques for the automatic detection of database language in legacy code.

d. Techniques for the automatic detection of SQL language in legacy code.

e. All of the above.

2. Protection of a software program that uses a unique, novel algorithm could be legally protected by:

a. A patent

b. A copyright

c. A notary

d. Ethical standards

e. All of the above.

3. If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:

a. A's private key

b. A's public key

c. B's private key

d. B's public key

e. None of the keys listed above.

4. Choose the right statement(s):

a. On change-controlled system, you should run automatic updates to prevent security patches from introducing instability.

b. A malicious driver can potentially bypass many security controls to install malware.

c. It is critical that the operating system be kept as up to date as possible, with all critical security related patched installed.

d. The operating system planning process should consider the categories of users on the system, and the privileges they have.

e. All of the above.

5. Broad categories of payloads that malware may carry include which of the following:

a. Corruption of system or data files;

b. Theft of service in order to make the system a zombie agent of attack as part of a botnet;

c. Theft of information from the system, especially of logins, passwords or other personal details by key logging or spyware programs;

d. Stealthing where the malware hides it presence on the system from attempts to detect and block it;

e. All of the above.

6. SELinux implements different types of MAC: ________________________.

a. Role Based Access Controls and Type Enforcement

b. Multi Level Security

c. Multi Task Level Security                         

d. User Based Access Controls and Format Enforcement

e. None of the above.

7. Security threats include which of the following:

a. Hurricanes

b. Disgruntled employees

c. Unlocked doors

d. Un-patched software programs

e. All of the above.

8. The basic step(s) should be used to secure an operating system:

a. Install and register the operating system.

b. Harden and configure the operating system to adequately address the identified security needs of the system.

c. Installing and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection systems (IDS), if needed.

d. Test the security of the basic operating system to ensure that the steps taken adequately address its security needs.

e. All of the above.

9. Denial of service attacks include:

a. DNSspoofing

b. Smurf attack

c. Ping of death

d. SYN flood

e. All of the above.

10. Countermeasures against subdomain DNS cache poisoning include which of the following:

a. Firewalls

b. SPR

c. DNSSEC uses RRSIG and DNSKEY records

d. DNSSEC employing a chain of trust

e. All of the above.

Reference no: EM131314948

Questions Cloud

Getting reported to human resources : How can a leader with love decrease the issues that are so often getting reported to Human Resources? How would you apply love in your leadership?
What is the firms cash conversion cycle : What is the firm's cash conversion cycle?- How many times per year is the firm's inventory turnover, if sales are $4,000,000 per year?
Examine the given fields in the spreadsheet : Examine the fields in the spreadsheet. Classify, sort, or group data in a way that the outliers become apparent. An example would be to sort by the total cancellations. Keep all data, but highlight the sales consultants that are outliers.
What should be the value of the stock : A stock pays dividends of $1.00 at t = 1. (D1 is provided here, not D0) It is growing at 30% between t =1 and t = 2, after which the growth rate drops to 11%, and will continue at that rate into the future. If the discount rate for this stock is 13%,..
How to avoid sql injection : INFA 610 Foundations of Information Security and Assurance Assignment. Methods to avoid SQL injection include which of the following:
Implement and critique analytic and interpretative technique : Identify and explain 3 ethical issues related to the ABC Learning collapse - what are the major financial reports? What is the purpose of each report - What are the characteristics of a good internal control system?
Structure and genetic properties of dna : What is the structure and genetic properties of DNA?
Discuss about the legislator communication : This written assignment requires the student to investigate his/her local, state and federal legislators and explore their assigned committees and legislative commitments. The student is expected to investigate current and actual legislative initi..
Calculate average heat of reaction within this temperature : The equilibrium constant for the dissociation of N204 has the values 0.664 and 0.141 at the temperatures 318 K and 298 K, respectively. Calculate the average heat of reaction within this temperature range.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Describe the regulatory requirements for implementation

Research and identify at least two regulatory requirements that the institution must consider before moving forward. The requirements should pertain to information systems and security within financial institutions or publically traded companies.

  Demonstrates outstanding or exemplary mastery of content

Demonstrates outstanding or exemplary mastery of content, appropriate to the assignment and the relevant terminal course objectives and program learning outcomes.

  Write about categories of sercives that require cryptography

Create a fake business that does e-business and write about its main offerings and services. Write about the categories of information/ or sercives that will require cryptography applications.

  Development specialist to develop these functionalities

The mobile application side of this solution will require secure and encrypted connections. Please work with your Security and Network Specialists to develop an appropriate solution for wireless communication in the mobile application. Include the..

  Gneral security concerns such as traffic control crowd

select an event from the following list or choose your own idea for an event as approved by your facilitatormiddot

  What is the role of a content management system

MIS101 Define ‘social computing' and discuss how it can improve business services and what is the role of a content management system? How can it help an organisation gain a competitive advantage?

  Prepare a presentation for john and michael

Supply Chain Concerns - Prepare a presentation for John and Michael, explaining some of the common symptoms/problems of supply chain management.

  Explain the process within public key systems

Role of Technology, etc. and Explain the process within public key systems if you want to support non-repudiation and securing the message.

  Moving to the cloud

Describe ONE benefit and ONE risk associated with moving to cloud computing or services. Explain how you would mitigate that risk.

  Compare the construction accident causation model

Describe the benefits and limitations of the STAMP model, the Construction Accident Causation model, and the Accident Causation Management System as each attempt to assist OSHA in the mission of addressing the aspect of human behavior within their..

  Describe the values of the two business intelligence tools

Business intelligence tools are considered the key drivers for many organizations. Identify and evaluate at least two business intelligence tools that could be effectively used to report business performance. Justify your response.

  Discuss the business applications currently being used

Justify the circumstances in a business situation in which you would use GEOS, LEOS, and MEOS. Discuss the business applications currently being used to support VSAT.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd