Lesson 14: Summarizing Secure Application Concepts Flashcards

1
Q

An attacker compromises a Linux host, installing a web shell as a backdoor. If the attacker gained access to the host through a connection the host established, what type of attack has occurred?

A. Man-in-the-Browser (MitB)

B. Reverse shell

C. Rootkit

D. Session hijacking

A

B

2
Q

Which of the following is NOT a scripting language?

A. regex
B. PowerShell
C. JavaScript
D. Python

A

A

3
Q

Analyze types of vulnerabilities and summarize a zero-day exploit.

A. A design flaw that can cause the application security system to be circumvented.

B. A vulnerability that is capitalized on before the developer knows about it.

C. An attack that passes invalid data to an application.

D. An attack that passes data to deliberately overflow the buffer, that the application reserves to store the expected data.

A

B

4
Q

Which malicious code indicator is a minimal program designed to exploit a buffer overflow?

A. Credential dumping

B. Persistence

C. Lateral movement/insider attack

D. Shellcode

A

D

5
Q

Which scripting language is the preferred method of performing Windows administration tasks?

A. JavaScript

B. Python

C. Ruby

D. PowerShell

A

D

6
Q

Identify the type of attack that occurs when the outcome of an execution process depends directly on the order and timing of certain events, and those events fail to execute in the order and timing the developer intended.

A. Stack overflow

B. Integer overflow

C. Race conditions

D. Dynamic Link Library (DLL) injection

A

C
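The check-then-act race behind this card, as an added example (not part of the original flashcard deck): two threads withdraw from a constructed Account with a balance of 100. A Barrier is used as the pause so the run reliably hits the interleaving the developer did not intend (both checks pass before either debit), and a Lock that covers both the check and the debit removes the window. Account, the amounts and the method names are all assumptions made for the illustration.

```python
import threading


class Account:
    """Toy bank account used to show a check-then-act (TOCTOU) race."""

    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_racy(self, amount, pause):
        # Time of check: the balance looks sufficient.
        if self.balance >= amount:
            # pause() hands control to the other thread; by the time we
            # return, the balance may already have been spent.
            pause()
            # Time of use: debit based on a stale check.
            self.balance -= amount
            return True
        return False

    def withdraw_atomic(self, amount, pause):
        pause()
        # Check and debit happen inside one critical section, so no other
        # thread can change the balance between the two steps.
        with self.lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def run_two_withdrawals(method_name, balance=100, amount=80):
    """Run two concurrent withdrawals and return (final balance, sorted outcomes).

    A Barrier is the pause so both threads reliably reach the same point
    before continuing; this forces the worst-case interleaving instead of
    hoping the scheduler produces it. With the defaults both withdrawals pass
    the initial check (100 >= 80), which the barrier relies on to release.
    """
    account = Account(balance)
    barrier = threading.Barrier(2)
    outcomes = []

    def worker():
        ok = getattr(account, method_name)(amount, barrier.wait)
        outcomes.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sorted(outcomes)


if __name__ == "__main__":
    print("racy   :", run_two_withdrawals("withdraw_racy"))    # (-60, [True, True])
    print("atomic :", run_two_withdrawals("withdraw_atomic"))  # (20, [False, True])
```

The racy version ends at a negative balance with both withdrawals reported as successful; the atomic version lets exactly one through. In real code the pause is not a Barrier but ordinary scheduling, which is why such bugs surface rarely in testing and reliably under attack.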

7
Q

A threat actor programs an attack designed to invalidate memory locations to crash target systems. Which statement best describes the nature of this attack?

A. The attacker created a null pointer file to conduct a dereferencing attack.

B. The attacker programmed a dereferencing attack.

C. The attacker programmed a null pointer dereferencing exception.

D. The attacker created a race condition to perform a null pointer dereferencing attack.

A

C

8
Q

A system administrator is working to restore a system affected by a stack overflow. Analyze the given choices and determine which overflow vulnerability the attacker exploited.

A. An attacker changes the return address of an area of memory used by a program subroutine.

B. An attacker overwrites an area of memory allocated by an application to store variables.

C. An attacker exploits insecure code with more values than an array expects.

D. An attacker causes the target software to calculate a value that exceeds the set bounds.

A

A

9
Q

Evaluate the Agile paradigm within a Software Development Lifecycle (SDLC) to determine which statement demonstrates the idea of continuous tasks.

A. Devising an application’s initial scope and vision for the project

B. Prioritizing the requirements and work through the cycles of designing, developing, and testing

C. Releasing well-tested code in smaller blocks

D. Performing the final integration and testing of the solution

A

C

10
Q

Compare and contrast the types of Cross-Site Scripting (XSS) attacks, and select the option that accurately distinguishes between them.

A. Reflected and stored XSS attacks exploit client-side scripts, while the DOM is used to exploit vulnerabilities in server-side scripts.

B. Reflected and stored XSS attacks exploit server-side scripts, while the DOM is used to exploit vulnerabilities in client-side scripts.

C. Reflected and DOM attacks exploit server-side scripts, while a stored attack exploits vulnerabilities in client-side scripts.

D. Nonpersistent and persistent attacks exploit client-side scripts, while the DOM is used to exploit vulnerabilities in server-side scripts.

A

B

11
Q

Which method might an attacker use to redirect login via information gained by implementing JavaScript on a webpage the user believes is legitimate?

A. Man-in-the-Browser (MitB)

B. Confused deputy

C. Reflected

D. Clickjacking

A

D

12
Q

Which cookie attribute can a security admin configure to help mitigate a request forgery attack?

A. Secure

B. HttpOnly

C. SameSite

D. Cache-Control

A

C
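How the SameSite attribute blocks a forged request, as an added example (not part of the original flashcard deck): a small parser and audit for Set-Cookie headers, a model of the browser rule that decides whether a cookie is attached to a cross-site request, and a builder for a hardened session cookie. The sample headers are constructed; treating a missing SameSite attribute as Lax reflects the current browser default and is noted as an assumption in the code.

```python
# Constructed Set-Cookie headers, as an origin server might emit them.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val if val else True   # flag attributes carry no value
    return name, value, attrs


def audit_cookie(header):
    """Return a list of findings for a session cookie; an empty list means no issue."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    same_site = attrs.get("samesite")
    if same_site is None:
        findings.append("no SameSite attribute: cross-site handling is left to the browser default")
    elif str(same_site).lower() == "none":
        findings.append("SameSite=None: the cookie is attached to forged cross-site requests")
        if "secure" not in attrs:
            findings.append("SameSite=None must be combined with Secure")
    if "secure" not in attrs:
        findings.append("no Secure attribute: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly attribute: cookie is readable by script")
    return findings


def browser_attaches_cookie(same_site, cross_site, method, top_level_navigation):
    """Model of the SameSite rule a browser applies when deciding to attach a cookie.

    same_site is "Strict", "Lax", "None" or None (attribute absent). A missing
    attribute is treated as Lax, the current browser default (assumption; older
    browsers treated it as None).
    """
    if not cross_site:
        return True
    policy = (same_site or "Lax").lower()
    if policy == "none":
        return True
    if policy == "strict":
        return False
    # Lax: sent cross-site only on top-level navigations with a safe method, so a
    # hidden form POST or a fetch() from another site arrives unauthenticated.
    return top_level_navigation and method.upper() in ("GET", "HEAD")


def session_cookie(name, value, same_site="Strict"):
    """Build a hardened Set-Cookie header for a session cookie."""
    if same_site not in ("Strict", "Lax", "None"):
        raise ValueError("SameSite must be Strict, Lax or None")
    return "; ".join([f"{name}={value}", "Path=/", "Secure", "HttpOnly", f"SameSite={same_site}"])


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_cookie(header) or "ok")
    # A forged POST from another site does not carry a Lax or Strict cookie.
    print(browser_attaches_cookie("Lax", cross_site=True, method="POST", top_level_navigation=False))
    print(session_cookie("sessionid", "abc123"))
```

Strict is the right default for a session cookie; Lax is the compromise when users must arrive at the application by following links from other sites and still be logged in.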

13
Q

An employee is attempting to install new software they believe will help them perform their duties faster. When the employee tries to install the software, an error message is received, stating they are not authorized to install the software. The employee calls the help desk for assistance. Evaluate the principles of execution control to conclude what has most likely occurred in this scenario.

A. The company is utilizing allow list control, and the software is included in the list.

B. The software is malicious, and execution control has identified the virus and is blocking the installation.

C. The company is utilizing allow list control, and the software is not included in the list.

D. The company is utilizing block list control, and the software is not included in the list.

A

C

14
Q

Which type of attack disguises the nature of malicious input, preventing normalization from stripping illegal characters?

A. Fuzzing

B. Canonicalization

C. Code reuse

D. Code signing

A

B
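The canonicalization problem in this card, as an added example (not part of the original flashcard deck): a flawed path filter that inspects the raw, still-encoded request and lets a URL-encoded `..` through, beside a resolver that first reduces the input to one canonical form (bounded repeated decoding, slash folding, normalization) and only then checks it. The base directory and the sample inputs are constructed for the illustration.

```python
import posixpath
import urllib.parse

# Files are only meant to be served from below this directory (constructed path).
BASE = "/srv/app/files"
MAX_DECODE_ROUNDS = 3


def naive_is_safe(user_path):
    """Flawed filter: looks for '..' in the raw request string."""
    return ".." not in user_path


def naive_resolve(user_path):
    """Flawed order of operations: the filter runs on the encoded string and the
    framework decodes the path afterwards (twice here, to model a stack that
    decodes more than once). An encoded '..' passes the filter and is restored later."""
    if not naive_is_safe(user_path):
        raise ValueError("rejected")
    decoded = urllib.parse.unquote(urllib.parse.unquote(user_path))
    return posixpath.normpath(posixpath.join(BASE, decoded))


def canonicalize(user_path):
    """Reduce the input to one canonical form before any check: decode until the
    value stops changing (bounded, so layered encodings cannot loop forever), fold
    backslashes to slashes, then normalize '.' and '..' segments."""
    current = user_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
    else:
        raise ValueError("too many encoding layers")
    current = current.replace("\\", "/")
    return posixpath.normpath(posixpath.join(BASE, current))


def safe_resolve(user_path):
    """Validate the canonical path, not the raw one: it must stay under BASE."""
    canonical = canonicalize(user_path)
    if canonical != BASE and not canonical.startswith(BASE + "/"):
        raise ValueError("rejected")
    return canonical


if __name__ == "__main__":
    traversal = "%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    print("naive:", naive_resolve(traversal))   # /etc/passwd, the filter was bypassed
    for attempt in (traversal, "%252e%252e/secret", "..%5c..%5csecret", "reports/q1.pdf"):
        try:
            print("safe :", attempt, "->", safe_resolve(attempt))
        except ValueError as exc:
            print("safe :", attempt, "->", exc)
```

The rule the example illustrates: normalize first, validate second, and treat any input that needs more decoding rounds than the application legitimately performs as hostile rather than trying to decode it further.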

15
Q

A threat analyst is asked about malicious code indicators. Which indicator allows the threat actor’s backdoor to restart if the host reboots or the user logs off?

A. Persistence

B. Credential dumping

C. Shellcode

D. Lateral movement/inside attacker

A

A

16
Q

A hacker compromises a web browser and uses access to harvest credentials users input when logging in to banking websites. What type of attack has occurred?

A. Evil twin

B. Man-in-the-Browser

C. Session hijacking

D. Clickjacking

A

B

17
Q

A system administrator suspects a memory leak is occurring on a client. Determine which scenario would justify this finding.

A. A rapid decrease in disk space has been logged.

B. High page file utilization has been logged.

C. High memory utilization during scheduled backups after-hours.

D. Software does not release allocated memory when it is done with it.

A

D

18
Q

An attacker finds a way to exploit a vulnerability in a target application that allows the attacker to bypass a password requirement. Which method did the attacker most likely use?

A. The attacker added LDAP filters as unsanitized input by creating a condition that is always true.

B. The attacker inserted code into a back-end database by submitting a post to a bulletin board with a malicious script embedded in the message.

C. The attacker embedded a request for a local resource via XML with no encryption.

D. The attacker modified a basic SQL function, adding code to some input that an app accepts, causing it to execute the attacker’s query.

A

A
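The always-true LDAP filter from this card, as an added example (not part of the original flashcard deck): a login filter built by string interpolation, a toy evaluator for `(&...)`, `(|...)` and `attr=value` filters with `*` wildcards standing in for the directory server, and the RFC 4515 escaping that turns an attacker's `*` into a literal character. The directory entries and passwords are constructed.

```python
import re

# Constructed directory entries standing in for an LDAP server.
DIRECTORY = [
    {"uid": "alice", "userPassword": "s3cret"},
    {"uid": "bob", "userPassword": "hunter2"},
]


def build_filter_vulnerable(user, password):
    """Interpolates untrusted input straight into the filter."""
    return f"(&(uid={user})(userPassword={password}))"


def escape_ldap_value(value):
    """RFC 4515 escaping for assertion values: backslash, *, (, ) and NUL become \\XX."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\x00" else ch for ch in value)


def build_filter_safe(user, password):
    return f"(&(uid={escape_ldap_value(user)})(userPassword={escape_ldap_value(password)}))"


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _value_matches(pattern, actual):
    # An unescaped '*' is a wildcard; characters escaped by escape_ldap_value
    # are hex sequences, so splitting on '*' only hits real wildcards.
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), actual) is not None


def _parse(text, i):
    """Parse one filter starting at text[i] == '('; return (node, next index)."""
    if text[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if text[i] in "&|":
        op, i = text[i], i + 1
        children = []
        while text[i] == "(":
            child, i = _parse(text, i)
            children.append(child)
        if text[i] != ")":
            raise ValueError("unterminated compound filter")
        return (op, children), i + 1
    eq = text.index("=", i)
    close = text.index(")", eq)
    return ("=", text[i:eq], text[eq + 1:close]), close + 1


def _eval(node, entry):
    if node[0] == "&":
        return all(_eval(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_eval(c, entry) for c in node[1])
    _, attr, pattern = node
    actual = entry.get(attr)
    return actual is not None and _value_matches(pattern, actual)


def search(filter_text):
    """Evaluate an LDAP filter against DIRECTORY; returns the matching uids."""
    node, end = _parse(filter_text, 0)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return [e["uid"] for e in DIRECTORY if _eval(node, e)]


def authenticate(build_filter, user, password):
    return search(build_filter(user, password))


if __name__ == "__main__":
    # A '*' in the password field turns the password comparison into a presence
    # test, which is true for every entry: the always-true condition from the card.
    print(authenticate(build_filter_vulnerable, "alice", "*"))   # ['alice']
    print(authenticate(build_filter_vulnerable, "*", "*"))       # ['alice', 'bob']
    print(build_filter_safe("alice", "*"))                       # (&(uid=alice)(userPassword=\2a))
    print(authenticate(build_filter_safe, "alice", "*"))         # []
    print(authenticate(build_filter_safe, "alice", "s3cret"))    # ['alice']
```

Escaping the value is the minimum; a production application should also use its LDAP library's bind operation for password checks rather than comparing the password attribute in a search filter.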

19
Q

Which scenario best describes provisioning?

A. A developer removes an application from packages or instances.

B. A developer deploys an application to the target environment.

C. A developer sets up an ID system for each iteration of a software product.

D. A developer commits and tests updates.

A

B

20
Q

Which of the following is a common solution that protects an application from behaving in an unexpected way when passing invalid data through an attack?

A. Buffer overflow

B. Race conditions

C. Zero-day exploit

D. Input Validation

A

D

21
Q

Which of the following statements differentiates between input validation and output encoding?

A. Input validation ensures that data input into an application is in a compatible format for the application, while output encoding re-encodes data that transfers between scripts.

B. Input validation is a server-side validation method, while output encoding is a client-side validation method.

C. Output encoding is a server-side validation method, while input validation is a client-side validation method.

D. Input validation forces the browser to connect using HTTPS only, while output encoding sets whether the browser can cache responses.

A

A
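Why input validation and output encoding are two different controls, as an added example (not part of the original flashcard deck) that also bears on the reflected XSS cards: a server-side handler validates a free-text field with a deliberately weak "no tags" rule, then reflects it into an HTML attribute either raw or HTML-encoded. The payloads and the validation rule are constructed for the illustration.

```python
import html
import re

# Deliberately weak "no HTML tags" validation rule for a free-text field:
# it rejects angle brackets and nothing else.
NO_TAGS = re.compile(r"^[^<>]{1,80}$")


def validate_comment(raw):
    """Input validation: accept only values that fit the expected format."""
    if not NO_TAGS.fullmatch(raw):
        raise ValueError("unexpected characters in comment")
    return raw


def render_attr_vulnerable(value):
    """Reflects the value into an HTML attribute with no output encoding."""
    return f"<input name=\"q\" value='{value}'>"


def render_attr_encoded(value):
    """Output encoding for the HTML context: quotes, ampersands and angle
    brackets become entities, so the value cannot close the attribute."""
    return f"<input name=\"q\" value='{html.escape(value, quote=True)}'>"


def handle_request(raw_value, render):
    """Server-side handler: validate first, then render with the given encoder.
    Returns (status, html_fragment)."""
    try:
        value = validate_comment(raw_value)
    except ValueError:
        return "rejected", None
    return "ok", render(value)


if __name__ == "__main__":
    tag_payload = "<script>alert(1)</script>"
    # Validation stops the obvious payload...
    print(handle_request(tag_payload, render_attr_vulnerable))
    # ...but this one contains no '<' or '>' and passes; only encoding neutralises it.
    attr_payload = "x' onfocus='alert(1)' autofocus='"
    print(handle_request(attr_payload, render_attr_vulnerable))
    print(handle_request(attr_payload, render_attr_encoded))
    # Encoding also keeps legitimate input such as O'Brien & Sons displayable.
    print(handle_request("O'Brien & Sons", render_attr_encoded))
```

Validation answers "is this the kind of data the application expects?"; encoding answers "how must this data be written so the destination (here an HTML attribute) treats it as data?". Both run on the server for a reflected or stored XSS path, which is why card 21's distinction is about purpose, not about client versus server.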

22
Q

Analyze the following statements and select the statement which correctly explains the difference between cross-site scripting (XSS) and cross-site request forgery (XSRF).

A. XSRF spoofs a specific request against the web application, while XSS is a means of running any arbitrary code.

B. XSS is not an attack vector, but the means by which an attacker can perform XSRF, the attack vector.

C. XSRF requires a user to click an embedded malicious link, whereas the attacker embeds an XSS attack in the Document Object Model (DOM) script.

D. XSRF is a server-side exploit, while XSS is a client-side exploit.

A

A

23
Q

Examine each of the following statements and determine which most accurately compares allow list and block list control practices.

A. An allow list depends on security clearance levels, while a block list depends on the primacy of the resource owner.

B. A block list operates on a default-deny policy, while an allow list is a default-allow policy.

C. A block list depends on the primacy of the resource owner, while an allow list depends on security clearance levels.

D. An allow list operates on a default-deny policy, while a block list is a default-allow policy.

A

D

24
Q

Code developers de-conflict coding with one another during which phase of the software development life cycle (SDLC)?

A. Continuous integration

B. Continuous delivery

C. Continuous validation

D. Continuous monitoring

A

A

25
Q

A network user calls the help desk after receiving an error message. The caller complains that the error message does not indicate whether the username or password input was incorrect but simply states there was an authentication error. What does this situation illustrate?

A. Effective exception handling

B. Dynamic code analysis

C. Minimizing data exposure

D. Web application validation

A

A