701 - Chapter 7

Question 1

What is an attack from one attack against one Target? And what is an attack from two or more computers against a single target? And what is the goal of both of these attacks? What is an indicator of this attack?

Answer 1

Denial of service DOS… distributed
denial of service DDOS… resource exhaustion… A high amount of network traffic on the network interface card

Question 2

What are the two major variants of a DDOS attack?

Answer 2

Reflected and amplified

Question 3

Which variant of a DDOS attack involves using third-party servers to redirect traffic to the Target?

Answer 3

Reflected

Question 4

Which variant of a DDOS attack involves combining reflection techniques with amplification to generate an even greater volume of traffic directed at the target?

Answer 4

Amplified

Question 5

This common denial of service/distributed denial of service attack, disrupts the TCP handshake process and can prevent legitimate clients from connecting?

Answer 5

SYN Flood attack

Question 6

How does a SYN flood attack work?

Answer 6

The attacker never completes the last step of the handshake process by sending the ACK packet and the attacker sends a barrage of SYN packets leaving the server with multiple half open connections

Question 7

This attack occurs when an attack or creates a fake identity, certificate, file, or other object in an attempt to fool and unsuspecting user or system? And what is an example that occurs when one person or entity, impersonates or masquerades as someone or something else?

Answer 7

Forgery…spoofing

Question 8

What are three common spoofing methods?

Answer 8

Email address, IP address, media access control MAC address

Question 9

This attack is a form of active interception and modification or active monitoring. It uses a separate computer that accepts traffic from each party in a conversation and forward to the traffic between the two? And what is another name for this attack?

Answer 9

On – path attack… Man in the middle attack

Question 10

What are two indicators of an on path attack?

Answer 10

A delay in the communication between the two computers due to having to go through the man in the middle and the computer certificates used to create to secure sessions, may not be issued by a trusted certificate authority. Therefore users will receive certificate warnings and can only continue if they ignore the warnings.

Question 11

What other technology is susceptible to on path attacks if administrators ignore warnings regarding previously established keys were changed?

Answer 11

Secure shell sessions SSH

Question 12

This attack changes, an encrypted hTTPS connection to an unencrypted HTTP connection? With this attack, when does the attack have to occur to be successful? And what is an indication of this attack?

Answer 12

SSL stripping… at the beginning of the TLS negotiation… If the browser URL indicates not secure or the URL includes http instead of https

Question 13

What attack attempts to modify or corrupt DNS data that is stored on a DNS server? And what is an indicator of this attack?

Answer 13

DNS poisoning… When the user attempts to go to a known website, but as directed to a different one…

Question 14

What what is another a type of attack that manipulates DNS and redirect users to different websites? What is the major difference between this attack and a DNS poisoning attack? And what is modified?

Answer 14

Pharming…pharming attacks corrupt DNS information on a user system… the hosts file

Question 15

What attack is used to redirect traffic to a different page within a site internally or externally??

Answer 15

URL redirection

Question 16

This attack changes, a domain name registration without permission from the owner?

Answer 16

Domain hijacking attack

Question 17

What uses block lists of known malicious domain names and either refuses to provide IP addresses for those malicious sites or provide incorrect results for them?

Answer 17

DNS filtering

Question 18

What enables a request to be intercepted and does not allow the request to reach the server or site requested?

Answer 18

A DNS sinkhole

Question 19

What can be useful in identifying potentially malicious websites?

Answer 19

DNS log files

Question 20

What attack captures data in a session to impersonate one of the parties in the session? This attack can occur on what types of network? And what is an effective countermeasure against this type of attack?

Answer 20

Replay attack…wired and wireless networks… Timestamps, sequence number, multifactor authentication

Question 21

What protocol helps prevent replay attack by using time stamped tickets?

Answer 21

Kerberos

Question 22

What is the practice for developers of checking data for validity before using it called?

Answer 22

Input validation

Question 23

True or false improper input handling or the lack of input validation is one of the most common security issues with web-based application applications

Answer 23

True

Question 24

What are the different types of attacks that can occur without input validation?

Answer 24

Buffer overflow, SQL injection, DLL injection, cross site scripting

Question 25

What are four input validation checks that a developer can use on a webpage?

Answer 25

Verifying proper characters that should be in a field, blocking HTML code, preventing the use of certain characters, implementing bound or range checking

Question 26

Where are the two locations that a developer can perform input validation? Of these two, which is the most secure? And why?

Answer 26

Client side and server side…server side… because it is possible to bypass client side validation techniques

Question 27

What is another input validation technique? And how does it work?

Answer 27

HTML escaping or HTML and coding… It works by replacing HTML symbols with their ASCII replacement characters

Question 28

When two or more modules of an application or two or more applications attempt to access a resource at the same time it can cause a conflict known as what?

Answer 28

A race condition

Question 29

What is a specific type of race condition that can be exploited and what is another name for that?

Answer 29

A time of check to time of use TOCTOU… a state attack

Question 30

What are the two important points about error reporting and handling?

Answer 30

Errors to users should be general, detailed information about the provides information to the attackers… detailed information regarding the error should be logged as this will provide the developers the info they need to fix the problem

Question 31

What does error and exception handling do for the system?

Answer 31

It helped protects the operating systems, integrity, and controls the error shown to the user

Question 32

What can be done to make code unclear or difficult to understand?

Answer 32

Code obfuscation

Question 33

What can be used to mimic the use of multiple different core languages by including functions and modules used by several different languages?

Answer 33

Software diversity

Question 34

What are four potential vulnerabilities to outsourcing development?

Answer 34

Ensure that the code works as expected, Vulnerable code if best practices are not used, malicious code can be inserted, lack of future updates

Question 35

What can be done in an application to protect unencrypted data in use?

Answer 35

Flush the memory buffers

Question 36

What are three HTTP headers that are recommended as best practice to be used?

Answer 36

HTRP strict transport security…content security policy…X frame options

Question 37

What is a cookie that has the secure attribute set? And what does this do? And how does it help against an attack?

Answer 37

A secure cookie… it insures that the cookie is only transmitted over secure encrypted channels such as HTTPS… Protect the confidentiality of the cookies, contents and prevent attackers from reading them

Question 38

What are two benefits of codes signing?

Answer 38

The certificate identifies the author… the hash verifies The code has not been modified.

Question 39

What form of code review and testing examines the code without executing it? What can assist with this effort?

Answer 39

Static code analysis… Automated tools

Question 40

What form of code review and testing goes through the code line by line? And who does this?

Answer 40

Manual code review… someone other than the programmer who wrote the code

Question 41

What form of code review and testing check the code while it is running?

Answer 41

Dynamic code analysis

Question 42

What form of testing sends random strings of data to applications looking for vulnerabilities?

Answer 42

Fuzz testing

Question 43

What is an isolated area specifically created for testing called?

Answer 43

Sandboxing

Question 44

True or false it is not important to monitor the use of shared code packages throughout your organization

Answer 44

False… the shared packages can be used in multiple programs and each one can be impacted anytime a change is made or a vulnerability is found

Question 45

What tracks the version of software, as it is updated, including, who made the update and when it was made?

Answer 45

Software version control

Question 46

What are the different stages in a secure development environment?

Answer 46

Development, testing, staging, production, quality assurance

Question 47

What do attackers use to pass queries or to backend databases through web servers?

Answer 47

SQL injection attacks

Question 48

What code snippet is common in a sequel injection attack to trick the database server into providing information?

Answer 48

‘ or 1=1

Question 49

What can be done to help prevent SQL injection attacks?

Answer 49

Input validation techniques and stored procedures

Question 50

What is a bug in an application that causes the application to consume more and more memory the longer and runs and can an extreme cases cause the system to crash?

Answer 50

Memory leak

Question 51

What occurs when an application receives more input than it expects? And what is the result?

Answer 51

Buffer overflow… an error that exposes system memory that would otherwise be protected and inaccessible

Question 52

When attackers identify a buffer overflow, they can exploit it and overwrite memory locations with their own code, what is this called? What is the best defense against buffer overload?

Answer 52

Memory injection… keep the system updated with current patches and input validation

Question 53

What is it when an attacker attaches a malicious DLL to a running process?

Answer 53

DLL injection

Question 54

What is the best defense against an LDAP or XML injection attack?

Answer 54

Validating the input

Question 55

What type of attack attempts to access a file by including the full directory path or moving around the directory structure on a computer? How do you defend against this attack?

Answer 55

Directory traversal… disabling directory traversal

Question 56

What is the vulnerability that allows attackers to inject scripts into webpages? What are the two types? How do you defend against this attack?

Answer 56

Cross site scripting… reflected, or non-persistent and stored or persistent… with sophisticated input validation techniques

Question 57

What cross scripting attack is often placed within a fishing email, but can also be placed on a public website, and retrieves the malicious URL via a click?

Answer 57

Reflected or non-persistent

Question 58

What cross site scripting attack has the malicious code stored in a database or other location trusted by the web application?

Answer 58

Stored or persistent

Question 59

This automation and scripting use case automates the process of creating updating a route and removing accounts and permissions?

Answer 59

User provisioning

Question 60

This automation and scripting use case creates configures and decommissions resources such as virtual machines storage and networks, and helps maintain the standard eye secure environment?

Answer 60

Resource provisioning

Question 61

This automation and scripting use case enforces security policies, and ensure that security best practices are consistently followed?

Answer 61

Guard rails

Question 62

This automation and scripting use case ensures that access controls are consistently applied to network resources and that they are updated as needed to address changes in the threat landscape?

Answer 62

Security groups

Question 63

This automation scripting use case can be used to streamline incident response processes and ensures that issues are quickly reported and assigned to the appropriate teams?

Answer 63

Ticket creation

Question 64

This automation and scripting use case can be used to escalate security incidents or vents to the appropriate personnel or teams based on predetermined criteria. This improves response time and reduces the potential impact of security threats.

Answer 64

Escalation

Question 65

This automation and scripting use case can be employed to enable or disable services and access based on various criteria such as user role, security policies or risk assessments it helps maintain a secure environment by limiting unnecessary access and reducing potential services?

Answer 65

Enabling and disabling services and access

Question 66

This automation and scripting use case ensures that code is consistently reviewed, tested and employed and secure manner and can help prevent the introduction of sec, security vulnerabilities, and maintain compliance with security standards?

Answer 66

Continuous integration and testing

Question 67

This automation and scripting use case can be used to integrate various security tools and platforms, allowing them to work together more effectively and share information in real time? APIs can be employed to enable those integrations.

Answer 67

Integrations and APIs

Question 68

What are the seven benefits of automation and scripting?

Answer 68

Efficiency and time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, workforce multiplier

Question 69

What are some of the potential drawbacks and challenges with automation and scripting?

Answer 69

Complexity, cost, single point of failure, technical debt, ongoing supportability