Application Security and Penetration Testing Flashcards

1
Q
Your company has just purchased a web application. You have been asked to assess this commercial application for any potential vulnerabilities. Which approach would be best? 
A. Code review 
B. Black box assessment 
C. Audit 
D. Vulnerability assessment
A

D. A vulnerability assessment is the best tool to evaluate this commercial product for vulnerabilities.

2
Q
Address space layout randomization protects against what types of attack? 
A. Brute-force 
B. Denial-of-service 
C. Buffer overflow 
D. Man-in-the-middle
A

C. ASLR protects against buffer overflow attacks by randomizing the address location of otherwise targeted code.

3
Q
An attacker has implanted a Trojan horse on a victim’s machine that is monitoring the HTTP GET requests. The first request the user makes after 10 a.m. on a weekday causes a malicious script to execute that will request a current copy of a confidential research document in support of a product being developed. Which of the following best describes the attack that will take place?
A. Logic bomb 
B. XSRF 
C. Keystroke logger 
D. Sniffer
A

D. A sniffer has been placed on the victim’s machine to monitor and capture the confidential research document.

4
Q
You have just run a tool that has identified the targeted operating system as Microsoft Windows 10. What step has occurred? 
A. Port scanning 
B. OS fingerprinting 
C. Footprinting 
D. Vulnerability scanning
A

B. The tool fingerprinted the operating system and identified it as Windows 10.

5
Q
You’ve just entered telnet www.thesolutionfirm.com 80 at the command line. What is the purpose of this command? 
A. Port scanning 
B. Banner grabbing 
C. Footprinting 
D. Vulnerability scanning
A

B. Using Telnet to connect to port 80, the port for web service, is a means to grab the web server’s banner.

6
Q
SYN cookies are used to defend against SYN flooding attacks. What type of device is best to configure with the ability to create SYN cookies? 
A. Web server 
B. A hardened host 
C. Load balancer 
D. AAA server
A

B. A hardened host might be running the software necessary to produce SYN cookies.

7
Q
You have been asked to run a sniffer on a switch and have captured very little traffic. What might be the problem?
A. The Internet connection is down.
B. The ports are not spanned.
C. You were ARP poisoned.
D. Sniffers are not compatible with Ethernet.
A

B. Perhaps the switch ports are not spanned to the port being monitored.

8
Q
A vishing attack may be the ultimate goal when an attacker is doing which of these header manipulation attacks? 
A. XSS 
B. HTTP 
C. Clickjacking 
D. VoIP
A

D. A vishing attack is an attack on voice over IP.

9
Q
Malicious links were placed inside an email that was pretending to solicit funds for rebuilding schools in war-ravaged areas of the world. This email was mass-mailed to the email addresses of military personnel, which had been collected by a spider responsible for creating mail lists. The attack was designed to trick a user’s browser into sending a forged HTTP request including the user’s session cookie and authentication information to a vulnerable web application. What kind of attack occurred? 
A. TOC/TOU 
B. Clickjacking 
C. CSRF 
D. Buffer overflow
A

C. A CSRF attack tricks a user’s browser into sending a forged HTTP request, including the user’s session cookie and authentication information, to a vulnerable web application.

10
Q
Which test method is used to verify that inputs and outputs are correct? 
A. White box testing 
B. Black box testing 
C. Regression test 
D. Parallel testing
A

C. Regression testing is used to verify that inputs and outputs are correct after a modification to the code.

11
Q
You have just noticed that one of the members of the security team placed a single quote into a web page request field. What type of problem are they testing for? 
A. XSS 
B. LDAP injection 
C. SQL injection 
D. Clickjacking
A

C. SQL injection is when a single quote is used to “escape” the input and start a new SQL instruction.

12
Q
Which of the following will not help prevent XSS?
A. Reviewing the code for XSS
B. Training users to be more careful
C. Testing code for XSS vulnerabilities
D. Escaping user input to prevent execution
A

A. There is no opportunity to review the XSS code.

13
Q
When a lower-privilege user or application accesses functions or content reserved for higher-privilege users or applications, what is it called? 
A. Horizontal privilege escalation 
B. Insecure storage 
C. Vertical privilege escalation 
D. Buffer overflow
A

C. Vertical privilege escalation is elevating one’s privileges.

14
Q
You have just identified some C code that contains the function vsprintf(). Using this function might lead to which of the following?
A. Buffer overflow 
B. Clickjacking 
C. XSS 
D. CSRF
A

A. This call does not check for proper buffer size, so it is vulnerable to buffer overflow attacks.

15
Q
When a network has been subjected to a vulnerability scan and a report of vulnerabilities found has been created, what is the next step?
A. Determine the attack surface.
B. Remediate the security posture.
C. Schedule security awareness training.
D. Perform a penetration test.
A

B. If you know of the vulnerabilities, it’s time to mitigate the risks.

16
Q
When is final acceptance testing usually performed? 
A. Prototype phase 
B. Implementation phase 
C. Development phase 
D. Creation phase
A

B. Final acceptance testing is usually performed at the implementation phase after the team leads are satisfied with all other tests and the application is ready to be deployed.

17
Q
Comprehensive input validation, instead of unchecked assumptions, would help eliminate all but which of the following attacks? 
A. XSS 
B. SQL injection 
C. XML injection 
D. Radio frequency injection
A

D. Radio frequencies as input do not get validated.

18
Q
Which test occurs when it’s verified that a system can operate in its targeted environment? 
A. Black box test 
B. White box test 
C. Function test 
D. Sociability test
A

D. A sociability test validates that the system can operate in its target environment.

19
Q
Employees failed to respond properly to auditor questions regarding how they would react to attempts by an attacker in social engineering situations. Additional security awareness training was scheduled for these employees. What type of control is this? 
A. Administrative 
B. Physical 
C. Technical 
D. Logical
A

A. Administrative controls include security awareness training.

20
Q
Which form of attack typically targets timing? 
A. XSS 
B. XSRF 
C. Buffer overflows 
D. TOC/TOU
A

D. For race conditions, the objective is to exploit the delay between the time of check (TOC) and the time of use (TOU). These attacks are sometimes called asynchronous attacks and are highly dependent on timing.