Web Security Overview

Questions and Answers

What does web security encompass?

Preventing physical break-ins at business premises

Securing only virtual private networks (VPNs)

Enhancing social media presence

Protecting websites from attacks and defending cloud services (correct)

Which technique allows an attacker to exploit vulnerabilities in a database's search process?

VPN Encryption

Firewall Configuration

SQL Injection (correct)

Cross-site Scripting

What can a hacker achieve using SQL Injection?

Increase internet speed

Modify website's design

Capture sensitive information (correct)

Change firewall settings

What vulnerability does Cross-site Scripting (XSS) exploit?

Client-side script insertion vulnerability

Why is web security crucial for business operations?

To ensure smooth operation by protecting against cyber attacks

Under which category does the protection of a virtual private network (VPN) fall?

Cloud security

What is the primary purpose of the Desktop Security Policy?

To reduce security risks associated with unauthorized software installation

According to the policy, which type of users cannot self-install software on their machines?

Users without administrative privileges

What does it mean for the G.Brint Ryan College of Business standard Windows 10 software image to be 'secured'?

Users have limited access to basic tasks on their machines

How does the Desktop Security Policy help reduce the risks of 'hacker' attacks?

By restricting software installations like instant messenger programs

What happens when individuals need software packages not included in the standard image according to the policy?

They are required to consult with Business Information Technology Services

Which action is NOT permitted by users under the Default Policy in relation to software?

Installing any software they need

What method could perpetrators use to intercept data by posing as an authorized party in the data transmission?

IP spoofing

How do attackers often exploit email as an entry point for gaining access to valuable company data?

By sending deceptive messages

What technique aims to protect email accounts, content, and communication against unauthorized access, loss, or compromise?

Email encryption

Which action is often taken by attackers to install malware on a victim's device through email?

Sending deceptive messages

What is the primary purpose of email encryption in terms of email security?

Protecting sensitive information from unauthorized access

Which of the following can be achieved by sending large amounts of jumbled or unmanageable data to block legitimate traffic?

Data interception

What security measure should be taken to protect data both at rest and in transit?

Encryption with best-in-class standards

Which security practice involves handling encryption keys according to best-practice guidelines?

Handling encryption keys properly

What is a critical step in ensuring application/web server security when interacting with a database?

Subjecting the web server to ongoing security testing

Which action helps in establishing the correct controls and policies for accessing the database itself?

Performing database security standard audits

What is a recommended practice for securing all backups, copies, or images of a database?

Subjecting backups to the same security controls as the database

Why is it crucial to implement layered security controls across the entire network environment for database security?

To prevent potential attack channels from compromising the database

What is one of the main purposes of web security?

To protect against stolen data attacks

How do attackers use phishing to obtain sensitive information?

Sending fake emails that look legitimate

What does an attacker aim to achieve with session hijacking?

Take control of a user's session and perform actions in their name

What is the risk associated with malicious redirects?

Infecting a user's computer with malware

How do attackers use SEO spam to distract visitors?

By putting abnormal links or comments on a site