首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de
The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company’s internal software de
admin
2013-12-19
104
问题
The following scenario will be used for questions 26, 27, and 28.
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability.
Which of the following best describes the type of vulnerability mentioned in this scenario?
选项
A、Dynamic vulnerability that is polymorphic
B、Static vulnerability that is exploited by server-side injection parameters
C、Vulnerability that does not currently have an associated solution
D、Database vulnerability that directly affects concurrency
答案
C
解析
C正确。零日漏洞指的是目前还没有解决方法的漏洞。如果某个漏洞被识别,并且没有预先建立好的修复程序(补丁、配置、更新),它就可以被看成零口漏洞。零日攻击指的是一种利用系统中先前不知道的漏洞的攻击,这意味着攻击发生的时间位于它被确认和解决方案准备好之间——即在此漏洞被发现之前。它给受害者留下零日作出反应和为漏洞打上补丁。
A不正确。因为零日漏洞是受害者和可能的受害者目前不能通过现存解决方案弥补的任何类型的漏洞。零口漏洞与动态多态漏洞一样,本身没什么特殊之处,它只是包含这种类型的漏洞和其他漏洞的一个通用类。多态攻击仅仅意味着它会改变自身,从而达到防止被检测到的目的。
B不正确。因为零日漏洞是受害者和可能的受害者目前不能通过现存的解决方案弥补的任何类型的漏洞。零日漏洞本质上并不像服务器端的注入一样是特定的,它只是一个包含这种漏洞和其他漏洞的一个通用类。服务器端包含(Server-Side Include,SSI)注入攻击允许通过在HTML页面中注入代码或远程执行任意代码来利用Web应用程序。
D不正确。因为数据库内的并发专门针对的是同时执行若干个事务。如果某个漏洞直接影响了数据库中事务的成功执行,那么就说明存在一个负面影响数据库软件所存储和处理的数据的完整性的风险。这与零日漏洞没有任何关系。
转载请注明原文地址:https://kaotiyun.com/show/vNhZ777K
0
CISSP认证
相关试题推荐
Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro
Backinthe1990s,awell-knowncomputerscientisthadanunusualwayofintroducinghimselftowomen.Accordingtoindustrylor
TheU.S.spaceagency,NASA,isplanningtolaunchasatellitethatscientistshopewillanswerfundamentalquestionsaboutthe
Writeanessayof160~200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,
Writeanessayof160-200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,
Ifsoldieringwasforthemoney,theSpecialAirService(SAS)andtheSpecialBoatService(SBS)wouldhavedisintegratedinre
Gradeinflation—thegradualincreaseinaverageGPAs(grade-pointaverages)overthepastfewdecades—isoftenconsideredaprod
Americanfarmershavebeencomplainingoflaborshortagesforseveralyearsnow.Givenamulti-yeardeclineinillegalimmigrati
RobertF.Kennedyoncesaidthatacountry’sGDPmeasures"everythingexceptthatwhichmakeslifeworthwhile".WithBritainv
GizmosandGadgetshasrestoreditsoriginalfacilityafteradisaster.Whatshouldbemovedinfirst?
随机试题
我国形成了九品三十等的官僚等级制度的时代是()。
Youcannotbe______carefulwhenyoudriveacar.
张三酒后与李五发生争吵,随后两人互相殴打,均受轻伤。县公安局认为张三首先挑起事端,应负主要责任,对其拘留8天,同时责令其拿出500元作为李五的医药费。张三向市公安局申请复议,市公安局作出了维持的复议决定。张三随后向县法院提起行政诉讼,其律师提醒他可以提起行
冯某对市房管局向孙某核发房屋所有权证的行为不服,以自己是房屋所有权人为由请求法院判决撤销某市房管局的发证行为。冯某向法院提交了房屋所有权证,孙某向法院提交了该房屋买卖合同,市房管局向法院提交了孙某的房屋产权登记申请、契税完税证等证据。下列哪一说法是正确的?
下列函数中,()不是微分方程y"-4y’+3y=0的解。
编制监理规划的时间是()。
(2013年)关于社会保险行政复议的说法,错误的是()。
警察发现90%的偷盗发生在没有报警系统的房屋。于是警察得出结论,在C城市,报警系统的存在对偷盗起了威慑作用。警察的结论预先假设了什么?
人民法院审理行政案件过程中,发现地方规章与部门规章不一致时,应当选择下列哪种做法?()
Thefollowingparagraphsaregiveninawrongorder.Youarerequiredtoreorganizetheseparagraphsintoacoherentarticleby
最新回复
(
0
)