CySA+ Study Notes 12 Flashcards
??? when a program attempts to put more data in a buffer than it can hold.
??? is a type of arithmetic overflow error that occurs when the result of an ??? operation does not fit within the allocated memory space.
??? when a chunk of memory is allocated to the ??? and data is written to this memory without any bounds checking being done on the data.
Buffer / Integer / Heap (Overflow Attacks)
??? also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
XSS (Reflected)
??? attack wherein the attack payload is executed as a result of modifying the ??? “environment” in the victim’s browser used by the original client-side script, so that the client-side code runs in an “unexpected” manner.
XSS (DOM)
when the application ??? a pointer that it expects to be valid, but is ???, typically causing a crash or exit.
Dereferencing (NULL)
a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. … However, it is just one example of many access control implementation mistakes that can lead to access controls being circumvented (ex: MiTM).
Insecure Object Reference
when attackers are able to compromise passwords, keys or session tokens, user account information, and other details to assume user identities.
Broken Authentication
??? method of providing backend services on an as-used basis. Servers are still used, but a company that gets backend services from a ??? vendor is charged based on usage, not a fixed amount of bandwidth or number of servers.
Serverless
In ???, a hypervisor segments servers into virtual machines that in turn host virtual desktops, which users access remotely from their devices. Users can access these virtual desktops from any device or location, and all processing is done on the host server. Users connect to their desktop instances through a connection broker, which is a software-based gateway that acts as an intermediary between the user and the server.
VDI
??? is the encapsulation of an application and its required environment.
??? cloud-hosted software or on-premises software or hardware that acts as an intermediary between users and cloud service providers.
??? is the process of replacing HTML control characters (e.g. “, &, etc.) with their encoded equivalents.
Containerization / CASB / Output Encoding
??? (also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the “parameters” (think “variables”) that need to be inserted into the statement for it to be executed. It’s commonly used as a means of preventing SQL injection attacks.
Parameterized Queries