3 Flashcards
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
False (a hash collision is the reverse: two different inputs that produce the same digest)
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
Downgrade attack
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)
- System/application vulnerability
- Social engineering techniques
- System/application misconfiguration
Which of the following answers can be used to describe characteristics of a cross-site scripting attack?
- Exploits the trust a user’s web browser has in a website
- A malicious script is injected into a trusted website
- User’s browser executes attacker’s script
Which of the following indicates an SQL injection attack attempt?
SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
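The query above is what a login routine produces when it glues user input straight into SQL and the attacker supplies `' OR '1' = '1` as the password. As an added example (not part of the original flashcard set), the script below builds that exact query with string concatenation against a constructed in-memory SQLite table, shows that it returns every row, and contrasts it with a parameterised query that treats the same input as data. Table name, column names and the two sample users are assumptions for the demo.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo: two users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("Alice", "s3cret"), ("Bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, user, pwd):
    # String concatenation: whatever the attacker types becomes part of the SQL
    # grammar, so a quote in the password closes the literal and the rest is parsed
    # as SQL. Returns the query text too, so the effect can be inspected.
    query = (
        "SELECT * FROM users WHERE userName = '" + user
        + "' AND password = '" + pwd + "';"
    )
    return query, conn.execute(query).fetchall()


def login_safe(conn, user, pwd):
    # Parameterised query: the driver binds user and pwd as values, so a quote or
    # an OR clause in the input can never change the statement's structure.
    query = "SELECT * FROM users WHERE userName = ? AND password = ?"
    return conn.execute(query, (user, pwd)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1' = '1"
    query, rows = login_vulnerable(conn, "Alice", payload)
    print(query)            # the query from the flashcard
    print(len(rows), "rows")  # 2: AND binds tighter than OR, so OR '1'='1' matches all
    print(login_safe(conn, "Alice", payload))  # [] - the payload is just a wrong password
```

Because `AND` binds tighter than `OR`, the injected clause turns the `WHERE` into `(userName = 'Alice' AND password = '') OR TRUE`, which is why the whole table comes back. The parameterised version is the fix; input filtering alone is not.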
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
** DLL **
A DLL is a library that contains code and data that can be used by more than one program at the same time
Which of the following describes an application attack that relies on executing a library of code?
DLL injection
Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers)
- administrator)(&))
- search.aspx?name=userName)(zone=*)
Which of the following fragments of input might indicate an XML injection attack attempt?
… p@$$w0rd</password></user><user><name>attacker</name> ....</user>
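The fragment above closes the current `<password>` and `<user>` elements and opens a second `<user>` in their place. As an added example (not part of the original page), the code below builds a user record by string concatenation, feeds it a payload shaped like that fragment, and shows that the parsed document now contains two users; it then builds the same record with `xml.etree.ElementTree`, which escapes the markup characters so the payload stays one user's (odd) password. Element names and the sample user `bob` are assumptions for the demo.

```python
import xml.etree.ElementTree as ET


def build_user_xml_vulnerable(name, password):
    # Concatenation: tags inside the input become real elements.
    return ("<users><user><name>" + name + "</name><password>"
            + password + "</password></user></users>")


def build_user_xml_safe(name, password):
    # The serializer escapes <, > and & in text nodes, so input can only ever be text.
    root = ET.Element("users")
    user = ET.SubElement(root, "user")
    ET.SubElement(user, "name").text = name
    ET.SubElement(user, "password").text = password
    return ET.tostring(root, encoding="unicode")


def count_users(xml_text):
    # Parse what the consumer would see and count top-level <user> elements.
    return len(ET.fromstring(xml_text).findall("user"))


def user_names(xml_text):
    return [u.findtext("name") for u in ET.fromstring(xml_text).findall("user")]


def user_passwords(xml_text):
    return [u.findtext("password") for u in ET.fromstring(xml_text).findall("user")]


if __name__ == "__main__":
    # Constructed payload modelled on the flashcard fragment. It ends mid-password so
    # that the template's own closing tags complete the injected <user> element.
    payload = "p@$$w0rd</password></user><user><name>attacker</name><password>x"
    vuln = build_user_xml_vulnerable("bob", payload)
    print(vuln)
    print(count_users(vuln), user_names(vuln))   # 2 ['bob', 'attacker']
    safe = build_user_xml_safe("bob", payload)
    print(safe)
    print(count_users(safe), user_names(safe))   # 1 ['bob']
```

The same escaping rule applies when XML is generated by a template engine: a password containing `<` must reach the document as `&lt;`, never as markup.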
Which of the following terms describes an attempt to read a variable value from an invalid memory address?
Null-pointer dereference
A dot-dot-slash attack is also referred to as:
Directory traversal attack
Which of the following URLs is a potential indicator of a directory traversal attack?
- http://www.example.com/var/../etc/passwd
- http://www.example.com/var/www/../../etc/passwd
- http://www.example.com/var/www/files/../../../etc/passwd
- http://www.example.com/var/www/files/images/../../../../etc/passwd
Any of the above
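All four URLs are the same attack: each walks up enough `../` segments to land on `/etc/passwd`. As an added example (not part of the original flashcards), the function below decodes the URL path, collapses the `..` segments the way a filesystem would, and reports whether the result has left the document root; it recognises the percent-encoded form `%2e%2e/` as well. The document root `/var/www` is an assumption for the demo.

```python
import posixpath
from urllib.parse import urlsplit, unquote

WEB_ROOT = "/var/www"  # hypothetical document root, assumed for the demo


def normalized_target(url):
    # Decode percent-encoding first (so %2e%2e%2f is seen as ../), then collapse
    # "." and ".." segments exactly as a POSIX filesystem would resolve them.
    path = unquote(urlsplit(url).path)
    return posixpath.normpath(path)


def escapes_web_root(url, web_root=WEB_ROOT):
    # A request is a traversal if its resolved path is neither the root itself
    # nor something underneath it. Comparing with a trailing slash prevents
    # /var/www-evil from being accepted as inside /var/www.
    target = normalized_target(url)
    root = posixpath.normpath(web_root)
    return not (target == root or target.startswith(root + "/"))


if __name__ == "__main__":
    # The four URLs from the flashcard plus one benign and one encoded request.
    for url in (
        "http://www.example.com/var/../etc/passwd",
        "http://www.example.com/var/www/../../etc/passwd",
        "http://www.example.com/var/www/files/../../../etc/passwd",
        "http://www.example.com/var/www/files/images/../../../../etc/passwd",
        "http://www.example.com/var/www/files/images/logo.png",
        "http://www.example.com/var/www/%2e%2e/%2e%2e/etc/shadow",
    ):
        print(escapes_web_root(url), normalized_target(url), "<-", url)
```

Note that `unquote` is applied once; a double-encoded `%252e` decodes to `%2e` and would still be rejected here because the literal `%2e` segment does not resolve out of the root, but a server that decodes twice would see `..` again. Normalise and check after the final decoding step your server actually performs.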
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
** Buffer overflow **
Also known as a buffer overrun, buffer overflow occurs when the amount of data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory locations and corrupts or overwrites the data in those locations.
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:
** Buffer overflow **
Also known as a buffer overrun, buffer overflow occurs when the amount of data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory locations and corrupts or overwrites the data in those locations.
A malfunction in a preprogrammed sequential access to a shared resource is described as:
** Race condition **
A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, and the outcome depends on which one finishes first.