Page 1570 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
possible values.
10. D. The single quote character (') is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks.
11. B. Developers of web applications should leverage database stored procedures to limit the application's ability to execute arbitrary code. With stored procedures, the SQL statement resides on the database server and may only be modified by database administrators.
12. B. Port scans reveal the ports associated with services running on a machine and available to the public.
13. A. Cross-site scripting attacks are successful only against web applications that include reflected input.
14. D. Multipartite viruses use two or more propagation techniques (for example, file infection and boot sector infection) to maximize their reach.
15. B. Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML <SCRIPT> tag in the input.
16. A. Stuxnet was a highly sophisticated worm designed to destroy nuclear enrichment centrifuges attached to Siemens controllers.
17. B. Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions.
18. D. The Java sandbox isolates applets and allows them to run within a protected environment, limiting the effect they may have on the rest of the system.
19. D. The <SCRIPT> tag is used to indicate the beginning of an executable client-side script and is used in reflected input to create a cross-site scripting attack.
20. A. Packets with internal source IP addresses should not be allowed to enter the network from the outside because they are likely