Security Vulnerabilities Flashcards

Mock Exam Revision

1
Q

Cloud-related vulnerability types:

A

Insecure APIs

Poor access controls

Lack of security updates

Misconfigured cloud storage

Shadow IT / Malicious insiders

2
Q

Which of the terms listed below refers to a situation in which a product or service may no longer receive security patches or other updates, making it more vulnerable to attack?

A. EOL
B. ALM
C. EOS
D. SDLC

A

EOS (End of Support/Service)

The date when a vendor discontinues maintenance, updates, and security patches for a product. Using EOS technology exposes users to unpatched vulnerabilities and compliance risks. Common with operating systems (e.g. Windows XP), IoT devices, and SaaS platforms.

3
Q

Cross-Site Scripting (XSS)

A web vulnerability where attackers inject client-side scripts into pages viewed by other users. Because the injected script runs in the trusted site's origin, it sidesteps same-origin policy protections, enabling cookie theft, defacement, or malware delivery. Mitigated via output encoding, input validation, and secure HTTP headers (CSP).

A

Characteristics:

Exploits the trust a user’s web browser has in a website.

A malicious script is injected into a trusted website.

User’s browser executes attacker’s script.

4
Q

A type of exploit in which an application overwrites the contents of a memory area it should not have access to is called:

A. DLL injection
B. Buffer overflow
C. Memory leak
D. Privilege escalation

A

Buffer Overflow

A software vulnerability where writing excess data beyond a memory buffer’s allocated space corrupts adjacent memory, potentially allowing arbitrary code execution. Common in C/C++, which do not perform bounds checking automatically. Defences include stack canaries, DEP (Data Execution Prevention), and secure coding practices.

5
Q

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

A. DLL
B. API
C. EXE
D. INI

A

A DLL (Dynamic Link Library)

A shared library file in Windows containing code and data used by multiple programs simultaneously. Enables modular programming, reduces redundancy, and supports runtime linking. Vulnerable to DLL hijacking if an application loads DLLs from untrusted or attacker-writable paths.
