Security Module 3 Flashcards
Which vulnerability does an attacker exploit in order to successfully harm a system via command injection?
Directory traversal
Which of the following cookies is stored in RAM and deleted when the browser is closed?
Session cookie
How does a heap spray differ from a buffer overflow attack?
A heap spray targets only specific parts of memory whereas a buffer overflow inputs more data into memory than a system is capable of governing
If a website accepts user input and doesn’t validate the input, this website may be susceptible to which of the following?
Cross-Site scripting
What is the purpose of DDoS attack?
To prevent users from accessing a network
A network, client, operating system, data and application are all examples of which of the following?
Attack vector
A DoS attack can use which protocol to conduct an attack?
ICMP
How would a website track a user’s purchasing history and advertise to the user based on these results?
Through the use of a third-party cookie
A SYN flood attack targets a vulnerability of which of the following?
Three-way handshake
Why would an attacker conduct a passive man-in-the-middle attack as opposed to an active man-in-the-middle
A passive man-in-the-middle attack can exploit the copied data at a later date making it harder to trace
If an attacker modifies a referrer filed to portray that request came from a legitimate site this is known as what?
Header manipulation
ARP poisoning can assist which other attack method?
Man-in-the-Middle
Why would an attacker steal a session token from a user?
To impersonate the user via session hijacking
Why is a zone transfer DNS poisoning generally more worthwhile for an attacker than altering a host table?
A zone transfer will affect many DNS servers as opposed to just a single host
What is a simple way to verify if a webpage is NOT capable of SQL injection?
If user input is correctly filtered
How can integer overflow attacks and buffer overflow attacks work together?
An integer overflow is imported during the buffer length calculation which could result in a buffer overflow attack
Why is vertical privilege escalation generally simpler than horizontal privilege escalation?
Vertical privilege escalation only requires access to one account as opposed to more than one
Why do zero-day attacks remain a serious threat to organizations?
Updated anti-virus software can’t detect them by comparing virus signatures
Java, Adobe Flash, and Adobe Acrobat Reader are all examples of what?
Plug-ins
Which type of attack can compromise a system just by a user viewing a web page?
A zero-pixel IFrame
