Question 1

During the early days of the Internet, most Web pages were static HTML, so programming exploits could only be aimed at the client-side browsers.

Accepted Answer

During the early days of the Internet, most web pages were static HTML, meaning they did not have server-side scripts to exploit, so attacks were primarily focused on client-side browsers.

Question 2

The design flaw in ActiveX is that ActiveX can do anything the user can do.

Accepted Answer

ActiveX controls have very few restrictions and can execute a wide range of actions on a user's system, essentially anything the user's account has permission to do, which can lead to significant security vulnerabilities.

Question 3

The COM architecture was first released with Windows XP.

Accepted Answer

The COM (Component Object Model) architecture was first introduced by Microsoft in 1993, predating Windows XP, which was released in 2001.

Question 4

One of the least common exploits used on the Internet is a buffer overflow.

Accepted Answer

Buffer overflow exploits are actually among the most common and dangerous vulnerabilities on the Internet, as they allow attackers to execute arbitrary code by overwriting parts of the memory of a vulnerable application.

Question 5

HTML is a dynamic language, and can be executed successfully outside a Web browser.

Accepted Answer

HTML is a markup language used for creating and designing web pages, not a programming language, and it cannot be executed or run; it needs a web browser to be rendered.

Question 6

____ controls are stand-alone compiled applications designed to make it possible to link and allow interactions between variously developed applications.&#10;A)ActiveX&#10;B)Applets&#10;C)Java widgets&#10;D)VBScript

Accepted Answer

ActiveX controls are stand-alone compiled applications that enable linking and interaction between applications developed in different programming languages or environments. They are often used in Microsoft environments to embed functionality within web pages or software applications.

Question 7

Up until ____, when Microsoft issued the patch that disables autoplay of ActiveX controls, ActiveX was becoming a widespread way to perform surreptitious installation of spyware and adware on Windows machines.

A)2000
B)2001
C)2003
D)2006

Accepted Answer

In 2006, Microsoft issued a patch that disables autoplay of ActiveX controls, addressing the issue of ActiveX being used for the surreptitious installation of spyware and adware on Windows machines.

Question 8

The ____ vulnerability exploits an unchecked buffer in Internet Explorer processing HTML elements such as FRAME and IFRAME elements.&#10;A)phishing&#10;B)buffer overflow&#10;C)HTML e-mail&#10;D)remote access

Accepted Answer

The correct answer is buffer overflow. This vulnerability is due to an unchecked buffer in Internet Explorer, which can be exploited by specially crafted HTML elements, leading to potential arbitrary code execution.

Question 9

Secure transfer of data has been made available by protocols such as ____.&#10;A)FTP&#10;B)HTTP&#10;C)SSL&#10;D)TCP

Accepted Answer

SSL (Secure Sockets Layer) is specifically designed for the secure transfer of data by encrypting the data during transmission.

Question 10

SSL encrypts the session, as well as the data that is being used in the session, using ____.&#10;A)PKI&#10;B)VPN&#10;C)TLS&#10;D)HTTPS

Accepted Answer

PKI (Public Key Infrastructure) is used to encrypt the session and data in SSL.

Question 11

_________________________ are the defects in various programming languages that are used to develop server-side and client-side applications.

Accepted Answer

The answer of _________________________ are the defects in various programming...

Question 12

____________________ controls are Component Object Model (COM) objects that can be embedded in a variety of applications.

Accepted Answer

The answer of ____________________ controls are Component Object Model (COM)...

Question 13

____________________, Microsoft's answer to Netscape's JavaScript language, is loosely based on the Visual Basic programming language, but is much simpler.

Accepted Answer

The answer of ____________________, Microsoft's answer to Netscape's JavaScript language,...

Question 14

______________________________ is the most basic script used to develop Web pages and uses a set of markup tags, such as , to define the structure of Web pages.

Accepted Answer

The answer of ______________________________ is the most basic script used...

Question 15

Java is designed to run in a platform-independent manner using _________________________ installed on the client computer as its sandbox.

Accepted Answer

The answer of Java is designed to run in a...

Question 16

What is the difference between a script and a programming language?

Accepted Answer

The answer of What is the difference between a script...

Question 17

How can attackers use ActiveX to modify resources on an implementation of Windows?

Accepted Answer

The answer of How can attackers use ActiveX to modify...

Question 18

What security measures regarding ActiveX should you take if you are running Windows 2000 or Windows XP?

Accepted Answer

The answer of What security measures regarding ActiveX should you...

Deck 13: Programming Exploits