Security Module 3 Flashcards
Which vulnerability does an attacker exploit in order to successfully harm a system via command injection?
Directory traversal
Which of the following cookies is stored in RAM and deleted when the browser is closed?
Session cookie
How does a heap spray differ from a buffer overflow attack?
A heap spray targets only specific parts of memory, whereas a buffer overflow inputs more data into memory than a system is capable of governing
If a website accepts user input and doesn’t validate the input, this website may be susceptible to which of the following?
Cross-site scripting
What is the purpose of a DDoS attack?
To prevent users from accessing a network
A network, client, operating system, data and application are all examples of which of the following?
Attack vector
A DoS attack can use which protocol to conduct an attack?
ICMP
How would a website track a user’s purchasing history and advertise to the user based on these results?
Through the use of a third-party cookie
A SYN flood attack targets a vulnerability of which of the following?
Three-way handshake
Why would an attacker conduct a passive man-in-the-middle attack as opposed to an active man-in-the-middle?
A passive man-in-the-middle attack can exploit the copied data at a later date, making it harder to trace
If an attacker modifies a referrer field to portray that a request came from a legitimate site, this is known as what?
Header manipulation
ARP poisoning can assist which other attack method?
Man-in-the-Middle
Why would an attacker steal a session token from a user?
To impersonate the user via session hijacking
Why is a zone transfer DNS poisoning generally more worthwhile for an attacker than altering a host table?
A zone transfer will affect many DNS servers as opposed to just a single host
What is a simple way to verify if a webpage is NOT capable of SQL injection?
If user input is correctly filtered