K03 - Client Side Attacks

Question 1

________________ is when an individual is manipulated to perform an action or reveal information that may compromise a target.

Answer 1

social engineering

Question 2

_______________ is considered the most successful and sought out method to exploit a target.

Answer 2

social engineering

Question 3

_______________is a form of attack in which untrusted Javascript is injected into a trusted website.

Answer 3

cross-site scripting

Question 4

True/False Attackers are rarely successful with client side attacks because of the limited number of configuration variables as well as the low amount of user interaction.

Answer 4

false

Question 5

____________ means that a user’s SQL input or data is checked for items that might harm the database.

Answer 5

sanitized

Question 6

What type of attack is initiated when the victim downloads content from the attacker.

Answer 6

client-side

Question 7

____________ checks inputs to ensure that it meets a criteria.

Answer 7

validation

Question 8

What is the target of an XSS:

• Host server
• Visitor’s browser
• Users inbox
• ISP infrastructure

Answer 8

Visitor’s browser

Question 9

What are the two types of XSS?

Answer 9

stored, reflected

Question 10

When the code of the targeted file is replaced with the infected code, this is known as:

• Parasitic
• Hijacking
• Bootlegging
• Overwriting

Answer 10

Overwriting

Question 11

What may store information pertaining to a session and track client’s other personal data?

• Bits
• Cookies
• Cache
• Tokens

Answer 11

Cookies

Question 12

Viruses have a naming convention, established by Symantec, that involves alphanumeric characters, underscores, spaces. Each section is limited to how many characters?

Answer 12

20

Question 13

True/False Social engineering occurs when a malicious actor leverages access to a user’s session cookies in order to impersonate that user.

Answer 13

false

Question 14

Determine whether the XSS method presented is reflected or stored: When the injected script is reflected off the web server.

Answer 14

reflected

Question 15

Determine whether the XSS method presented is reflected or stored: When the injected script is permanently stored on the target servers.

Answer 15

stored

Question 16

____________ is the use of Valid SQL Queries via input data fields or attaching queries to the end of URLs from client side to server side application which could allow data to be read or modified.

Answer 16

sql injection

Question 17

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: Details of a classified government project have been published online. The publisher claims the documentation was provided by an anonymous group of hackers.

Answer 17

confidentiality

Question 18

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: A user has clicked on a malicious link and installed ransomware. The user is unable to access any files.

Answer 18

availability

Question 19

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: An attacker successfully executes a denial-of-service attack against a company which employs 35 people.

Answer 19

availability

Question 20

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: An authorized user is sharing information with a coworker who is not authorized to access that project.

Answer 20

confidentiality

Question 21

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: An employee has modified company financial records to reflect losses for the quarter. The employee then forwards the altered documents to the finance department.

Answer 21

integrity

Question 22

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: A hacker has altered financial records to commit fraud.

Answer 22

integrity

Question 23

Determine whether the given incident impacts Confidentiality, Integrity, or Availability: An attacker injects or executes arbitrary code on a client.

Answer 23

integrity

Question 24

Any software installed on the OS that causes damage, loss of resources, or exploits any programmable device, service, or network is known as what?

Answer 24

malware

Question 25

List the malware type that matches the definition: malware that performs malicious actions when opened by the user.

Answer 25

virus

Question 26

List the malware type that matches the definition: malware that encrypts files and demands a ransom to return the data to the user.

Answer 26

ransomware

Question 27

List the malware type that matches the definition: malware that masquerades as a harmless application. As a result, the user downloads and uses the application. Theft of personal data, device crashing, spy activities, or an attack could occur.

Answer 27

trojan

Question 28

List the malware type that matches the definition: A file that modifies other files through execution flow and/or attaching itself to the target file.

Answer 28

virus

Question 29

List the malware type that matches the definition: malware that replicates itself from machine to machine, and does not require user interaction to work.

Answer 29

worm

Question 30

List the malware type that matches the definition: malware that captures and transmits personal information, internet browsing, or communication habits to a designated location

Answer 30

spyware