Module 10 Quiz

Question 1

Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript (True or False)

Answer 1

True

Question 2

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?

Answer 2

Stored

Question 3

Which of the following application tests analyzes an application’s source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

Answer 3

Static Application Security Testing

Question 4

Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?

Answer 4

Microsoft

Question 5

Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?

Answer 5

connection strings

Question 6

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?

Answer 6

PHP

Question 7

CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN. (True or False)

Answer 7

True

Question 8

A user can view the source code of a PHP file by using their Web browser’s tools. (True or False)

Answer 8

False

Question 9

Which of the following results from poorly configured technologies that a Web application runs on top of?

Answer 9

security misconfigurations

Question 10

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

Answer 10

injection

Question 11

Which JavaScript function is a “method” or sequence of statements that perform a routine or task?

Answer 11

getElementById()

Question 12

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?

Answer 12

Microsoft Security Bulletin

Question 13

Which of the following is an alternative term used when referring to Application Security?

Answer 13

AppSec

Question 14

Which of the following application tests analyzes a running application for vulnerabilities?

Answer 14

Dynamic Application Security Testing

Question 15

Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?

Answer 15

business logic

Question 16

Which specific type of tag do All CFML tags begin with?

Answer 16

CF

Question 17

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

Answer 17

developer tools

Question 18

Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?

Answer 18

ADO

Question 19

Adobe System’s ColdFusion uses its proprietary tags, which are written in which of the following languages?

Answer 19

CFML

Question 20

What is the specific act of checking a user’s privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

Answer 20

authorization

Question 21

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

Answer 21

OLE DB

Question 22

Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

Answer 22

SQLOLEDB

Question 23

OLE DB relies on connection strings that enable the application to access the data stored on an external device. (True or False)

Answer 23

True

Question 24

Which of the following is the interface that determines how a Web server passes data to a Web browser?

Answer 24

CGI

Question 25

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

Answer 25

cgi-bin

Question 26

What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it?

Answer 26

input validation

Question 27

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?

Answer 27

reflected

Question 28

What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Answer 28

Windows Containers

Question 29

What type of Windows Server is the most likely server to be targeted by a computer hacker?

Answer 29

Domain Controller

Question 30

What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?

Question 31

Which of the following is the act of performing a task over and over?

Answer 31

Looping

Question 32

What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?

Answer 32

Electronic Communication Privacy Act

Question 33

What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop?

Answer 33

Certified Ethical Hacker (CEH)

Question 34

What type of laws should a penetration tester or student learning hacking techniques be aware of?

Answer 34

All of the above

Question 35

What acronym represents the U.S. Department of Justice new branch that addresses computer crime?

Answer 35

CHIP

Question 36

What policy, provide by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Answer 36

Acceptable Use Policy

Question 37

What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?

Answer 37

443

Question 38

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Answer 38

Application

Question 39

What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity?

Answer 39

ICMP

Question 40

What layer, in the TCP/IP stack, do applications and protocols, such as HTTP and Telnet, operate?

Answer 40

Application

Question 41

Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?

Answer 41

signatures

Question 42

Malware programs cannot be detected by antivirus programs.

Answer 42

False

Question 43

What type of attack causes the victim’s computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?

Answer 43

Ping of Death

Question 44

When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?

Answer 44

zombies

Question 45

When a programmer exploits written code that doesn’t check for a defined amount of memory space they are executing which of the following attacks?

Answer 45

buffer overflow

Question 46

Which of the following is a text file generated by a Web server and stored on a user’s browser?

Answer 46

cookie

Question 47

Which tool can be used to gather competitive intelligence from Web sites?

Answer 47

Metis

Question 48

Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows.

Answer 48

False

Question 49

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Answer 49

Piggybacking

Question 50

Which utility is used to gather IP and domain information?

Answer 50

Whois

Question 51

When writing a script which statement allows you to avoid creating an endless loop in your script?

Answer 51

while

Question 52

What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?

Answer 52

OpenVAS

Question 53

One of the limitations when using “ping sweeps” is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?

Answer 53

reply

Question 54

What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?

Answer 54

Fping

Question 55

What type of port scan has the FIN, PSH, and URG flags set?

Answer 55

XMAS scan

Question 56

Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?

Answer 56

Finger utility

Question 57

Which of the following commands gives you a quick way to see if there are any shared resources on a computer or server?

Answer 57

Net View

Question 58

What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Answer 58

Windows Containers

Question 59

What type of Windows Server is the most likely server to be targeted by a computer hacker?

Answer 59

Domain Controller

Question 60

What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?

Answer 60

SecureBoot

Question 61

Which of the following is the act of performing a task over and over?

Answer 61

Looping

Question 62

Which of the following takes you from one area of a program (a function) to another area?

Answer 62

Branching

Question 63

Which of the following is a backdoor initiated from inside the target’s network that makes it possible to take control of the target even when it’s behind a firewall?

Answer 63

reverse shell