5 Flashcards
Which of the following describes an application attack that relies on executing a library of code?
* Memory leak
* DLL injection
* Pointer dereference
* Buffer overflow
DLL injection
Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers)
* … AND password = '' OR '1' = '1';
* administrator)(&))
* … malicious script code
* search.aspx?name=userName)(zone=*)
* … p@$$w0rd</password></user><user><name>attacker</name> ....</user>
- administrator)(&))
- search.aspx?name=userName)(zone=*)
Which of the following fragments of input might indicate an XML injection attack attempt?
* search.aspx?name=userName)(zone=*)
* … p@$$w0rd</password></user><user><name>attacker</name> ....</user>
* administrator)(&))
* … AND password = '' OR '1' = '1';
* … malicious script code
… p@$$w0rd</password></user><user><name>attacker</name> ....</user>
Which of the following terms describes an attempt to read a variable value from an invalid memory address?
* Buffer overflow
* Null-pointer dereference
* Integer overflow
* Memory leak
Null-pointer dereference
A dot-dot-slash attack is also referred to as:
* Disassociation attack
* On-path attack
* Directory traversal attack
* Downgrade attack
Directory traversal attack
Which of the following URLs is a potential indicator of a directory traversal attack?
* http://www.example.com/var/../etc/passwd
* http://www.example.com/var/www/../../etc/passwd
* http://www.example.com/var/www/files/../../../etc/passwd
* http://www.example.com/var/www/files/images/../../../../etc/passwd
* Any of the above
Any of the above
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
* IV attack
* SQL injection
* Buffer overflow
* Fuzz test
Buffer overflow
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:
* DLL injection
* Buffer overflow
* Memory leak
* Integer overflow
Buffer overflow
A malfunction in a preprogrammed sequential access to a shared resource is described as:
* Race condition
* Buffer overflow
* Memory leak
* Pointer dereference
Race condition
Which of the following terms refers to a vulnerability caused by race conditions?
* Mean time to failure
* Replay attack
* Mean time between failures
* Time-of-check to time-of-use
Time-of-check to time-of-use
Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)
* Patch management
* Input validation
* Password protection
* Error and exception handling
* Application whitelisting
- Input validation
- Error and exception handling
A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:
* Zero-day vulnerability
* Improper input validation
* Default configuration
* Improper error handling
Improper input validation
Which of the following answers refers to a countermeasure against code injection?
* Fuzzing
* Input validation
* Code signing
* Normalization
Input validation
A network replay attack occurs when an attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.
* True
* False
True
Which of the following are the characteristic features of a session ID? (Select 3 answers)
* Stored on a server
* A unique identifier assigned by the website to a specific user
* Contains user’s authentication credentials, e.g. username and password
* A piece of data that can be stored in a cookie, or embedded as a URL parameter
* Stored in a visitor’s browser
* A unique identifier assigned to a server
- A unique identifier assigned by the website to a specific user
- A piece of data that can be stored in a cookie, or embedded as a URL parameter
- Stored in a visitor’s browser