Application Security and Penetration Testing Flashcards
Your company has just purchased a web application. You have been asked to assess this commercial application for any potential vulnerabilities. Which approach would be best? A. Code review B. Black box assessment C. Audit D. Vulnerability assessment
D. A vulnerability assessment is the best tool to evaluate this commercial product for vulnerabilities.
Address space layout randomization protects against what types of attack? A. Brute-force B. Denial-of-service C. Buffer overflow D. Man-in-the-middle
C. ASLR protects against buffer overflow attacks by randomizing the address location of otherwise targeted code.
An attacker has implanted a Trojan horse on a victim’s machine that is monitoring the HTTP GET requests. The first request the user makes after 10 a.m. on a weekday causes a malicious script to execute that will request a current copy of a confidential research document in support of a product being developed. Which of the following best describes the attack that will take place? A. Logic bomb B. XSRF C. Keystroke logger D. Sniffer
D. A sniffer has been placed on the victim’s machine to monitor and capture the confidential research document.
You have just run a tool that has identified the targeted operating system as Microsoft Windows 10. What step has occurred? A. Port scanning B. OS fingerprinting C. Footprinting D. Vulnerability scanning
B. The tool fingerprinted the operating system and identified it as Windows 10.
You’ve just entered telnet www.thesolutionfirm.com 80 at the command line. What is the purpose of this command? A. Port scanning B. Banner grabbing C. Footprinting D. Vulnerability scanning
B. Using Telnet to connect to port 80, the port for web service, is a means to grab the web server’s banner.
SYN cookies are used to defend against SYN flooding attacks. What type of device is best to configure with the ability to create SYN cookies? A. Web server B. A hardened host C. Load balancer D. AAA server
B. A hardened host might be running the software necessary to produce SYN cookies.
You have been asked to run a sniffer on a switch and have captured very little traffic. What might be the problem?
A. The Internet connection is down.
B. The ports are not spanned.
C. You were ARP poisoned.
D. Sniffers are not compatible with Ethernet.
B. Perhaps the switch ports are not spanned to the port being monitored.
A vishing attack may be the ultimate goal when an attacker is doing which of these header manipulation attacks? A. XSS B. HTTP C. Clickjacking D. VoIP
D. A vishing attack is an attack on voice over IP.
Malicious links were placed inside an email that was pretending to solicit funds for rebuilding schools in war-ravaged areas of the world. This email was mass-mailed to the email addresses of military personnel, which had been collected by a spider responsible for creating mail lists. The attack was designed to trick a user’s browser into sending a forged HTTP request including the user’s session cookie and authentication information to a vulnerable web application. What kind of attack occurred? A. TOC/TOU B. Clickjacking C. CSRF D. Buffer overflow
C. A CSRF attack tricks a user’s browser into sending a forged HTTP request, including the user’s session cookie and authentication information, to a vulnerable web application.
Which test method is used to verify that inputs and outputs are correct? A. White box testing B. Black box testing C. Regression test D. Parallel testing
C. Regression testing is used to verify that inputs and outputs are correct after a modification to the code.
You have just noticed that one of the members of the security team placed a single quote into a web page request field. What type of problem are they testing for? A. XSS B. LDAP injection C. SQL injection D. Clickjacking
C. SQL injection is when a single quote is used to “escape” the input and start a new SQL instruction.
Which of the following will not help prevent XSS?
A. Reviewing the code for XSS
B. Training users to be more careful
C. Testing code for XSS vulnerabilities
D. Escaping user input to prevent execution
A. There is no opportunity to review the XSS code.
When a lower-privilege user or application accesses functions or content reserved for higher-privilege users or applications, what is it called? A. Horizontal privilege escalation B. Insecure storage C. Vertical privilege escalation D. Buffer overflow
C. Vertical privilege escalation is elevating one’s privileges.
You have just identified some C code that contains the function vsprintf(). Using this function might lead to which of the following? A. Buffer overflow B. Clickjacking C. XSS D. CSRF
A. This call does not check for proper buffer size, so it is vulnerable to buffer overflow attacks.
When a network has been subjected to a vulnerability scan and a report of vulnerabilities found has been created, what is the next step?
A. Determine the attack surface.
B. Remediate the security posture.
C. Schedule security awareness training.
D. Perform a penetration test.
B. If you know of the vulnerabilities, it’s time to mitigate the risks.