Day 1 115-151 Flashcards
1.115 After gaining access to a Linux machine, how can an attacker use the /etc/passwd file?
A. He can’t read it because it’s encrypted.
B. The file reveals the passwords to the root user only.
C. He can open it and read the user id’s and corresponding passwords.
D. The password file does not contain the passwords themselves.
Answer: D
In Linux, user-account info is stored in the /etc/passwd file. Typically, however, the actual user passwords themselves are stored in a different file, /etc/shadow, which is only readable by the root account.
1.116 What type of SQL injection attack is this?
SELECT * FROM userinfo WHERE name='xyz' AND userid IS NULL; --';
A. Union SQL injection
B. End of line comment
C. Tautology
D. Illegal/logically incorrect query
Answer: B
The -- is an end-of-line comment and negates any other code that may have come afterwards, such as a password check. A tautology is a condition that is always true, such as 1=1 (which is not present here). A union injection combines two queries with a UNION keyword (again, not present here). As for the logic, the above query is logically correct.
1.117 Which would be the best description for Cross-Site Request Forgery (CSRF)?
A. Modification of a request by a proxy between client and server
B. A request sent by a malicious user from a browser to a server
C. A browser making a request to a server without the user’s knowledge
D. A server making a request to another server without the user’s knowledge
Answer: C
1.118 In an attempt to protect passwords in the password file, you add random characters to the passwords before hashing them. What is this called?
A. Double hashing
B. Salting
C. Key stretching
D. Keyed hashing
Answer: B
1.119 You have a frame-relay network connected to your company. Over this network you need to authenticate inbound users who are connecting via DSL, analog modems, wireless data services, and VPNs. Which AAA would be the most likely to handle this requirement?
A. Kerberos
B. TACACS+
C. RADIUS
D. Diameter
Answer: C
RADIUS is the AAA system that has been around the longest and is generally the most compatible with different technologies and different vendors' equipment.
Another reason RADIUS is a better answer here is that RADIUS is generally used for your users to access the network, whereas TACACS+ is generally used to control remote administration of networking equipment. TACACS+ can not only authenticate your network technicians, but it can also authorize a specific list of commands for each one of them.
1.120 In which type of attack does an attacker exploit vulnerabilities in dynamically generated web pages to inject client-side scripts into pages viewed by other users?
A. Cross-Site Request Forgery (CSRF)
B. SQL injection attack
C. LDAP injection attack
D. Cross-Site Scripting (XSS)
Answer: D
1.121 What’s the attack called where someone uses your Bluetooth connection to send you messages without your consent? This is basically the Bluetooth version of spamming.
A. Bluesmacking
B. Bluejacking
C. Bluesniffing
D. Bluesnarfing
Answer: B
1.122 Which type of attack allows an attacker to force a victim’s browser to send an authenticated request to a server?
A. Cross-site scripting
B. Cross-site request forgery
C. Server side request forgery
D. Session hijacking
Answer: B
While CSRF is a type of session hijack, it's the better answer here because it is the specific type of session hijack this question refers to. With CSRF you need the victim to log in (authenticate) to a server, then trick the user into clicking on some type of link that will send traffic to the server "on the victim's behalf". You are "forging a request" that appears to legitimately come from the user, even though the user has no idea what is happening.
1.123 Why should you remove or disable unnecessary ISAPI filters?
A. To defend against jailbreaking
B. To defend against social engineering attacks
C. To defend against wireless attacks
D. To defend against webserver attacks
Answer: D
ISAPI filters are DLL files that can modify data flowing into or out of a Microsoft IIS web server. Among other things, they can sanitize incoming data to protect against many common threats. Be sure to disable unnecessary ISAPI filters, though, because some of the default filters have known vulnerabilities.
1.124 Many antivirus programs will analyze potential viruses by executing them in a virtual machine to simulate CPU and memory activities. They do this to see how the code interacts with the VM. Which type of virus detection method is this?
A. Code emulation
B. Heuristic analysis
C. Scanning
D. Integrity checking
Answer: B
Most antivirus programs that use heuristic analysis do so by executing the instructions of a questionable program or script inside a specialized virtual machine. This lets the antivirus program internally simulate what would happen if the suspicious file were executed, while keeping the suspicious code isolated from the real machine.
1.125 What type of firewall could protect against a SQL injection attack?
A. Web application firewall
B. Stateful firewall
C. Data-driven firewall
D. Packet firewall
Answer: A
1.126 Which OS did the Shellshock vulnerability NOT directly affect?
A. Windows
B. Linux
C. OS X
D. Unix
Answer: A
1.127 What is it called when you do an injection attack based on true/false questions?
A. Classic SQLi
B. Blind SQLi
C. Compound SQLi
D. DMS-specific SQLi
Answer: B
1.128 Which of these acts requires employers to list their standard national numbers on all transactions?
A. SOX
B. HIPAA
C. PCI-DSS
D. DMCA
Answer: B
1.129 You’ve just been alerted by the HIDS that the server has been breached. You call the incident response team, who instruct you not to power off the server and tell you they are on the way.
Why did they tell you not to power off the server?
A. This will alert the attacker that they’ve been discovered, prompting them to delete data or install ransomware before their foothold in the network is severed.
B. The incident response team needs to retrieve information stored in volatile memory such as RAM.
C. Actually, the correct procedure in this case is to power off the server. This helps prevent the attacker from spreading deeper into the network.
D. The attacker may have placed a logic bomb, which will trigger when the shutdown command is issued.
Answer: B