Only $35.99/year

Questions missed last time 12/9/2015

Terms in this set (90)

You are correct, the answer is A.


A. Web application developers sometimes use hidden fields to save information about a client session or to submit hidden parameters, such as the language of the end user, to the underlying application. Because hidden form fields do not display in the browser, developers may feel safe passing unvalidated data in the hidden fields (to be validated later). This practice is not safe because an attacker can intercept, modify and submit requests, which can discover information or perform functions that the web developer never intended. The malicious modification of web application parameters is known as parameter tampering.

B. Cross-site scripting involves the compromise of the web page to redirect users to content on the attacker web site. The use of hidden fields has no impact on the likelihood of a cross-site scripting attack because these fields are static content that cannot ordinarily be modified to create this type of attack. Web applications use cookies to save session state information on the client machine so that the user does not need to log on every time a page is visited.

C. Cookie poisoning refers to the interception and modification of session cookies to impersonate the user or steal logon credentials. The use of hidden fields has no relation to cookie poisoning.

D. Stealth commanding is the hijacking of a web server by the installation of unauthorized code. While the use of hidden forms may increase the risk of server compromise, the most common server exploits involve vulnerabilities of the server operating system or web server.
You answered C. The correct answer is A.


A. Disk-to-disk backup, also called disk-to-disk-to-tape backup or tape cache, is when the primary backup is written to disk instead of tape. That backup can then be copied, cloned or migrated to tape at a later time (hence the term "disk-to-disk-to-tape"). This technology allows the backup of data to be performed without impacting system performance and allows a large quantity of data to be backed up in a very short backup window. In case of a failure, the fault-tolerant system can transfer immediately to the other disk set.

B. While a backup strategy involving tape drives is valid, because many computer systems must be taken offline so that backups can be performed, there is the need to create a backup window, typically during each night. For a system that must remain online at all times, the only feasible way to back up the data is to either duplicate the data to a server that gets backed up to tape, or deploy a disk-to-disk solution, which is effectively the same thing.

C. While creating a duplicate storage area network (SAN) and replicating the data to a second SAN provides some redundancy and data protection, this is not really a backup solution. If the two systems are at the same site, there is a risk that an incident such as a fire or flood in the data center could lead to data loss.

D. While creating an identical server and storage infrastructure at a hot site provides a great deal of redundancy, there is still the need to create a backup of the data, and typically there is the need to archive certain data for long-term storage. A cutover to a hot site cannot usually be performed in a short enough time for a continuous availability system. Therefore, this is not the best strategy.