Test 10 Flashcards
Which of the following URLs is a potential indicator of a directory traversal attack?
http://www.example.com/var/../etc/passwd
http://www.example.com/var/www/../../etc/passwd
http://www.example.com/var/www/files/../../../etc/passwd
http://www.example.com/var/www/files/images/../../../../etc/passwd
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
Downgrade attack
A hash collision occurs when a cryptographic hash function produces two different digests for the same data input.
False
Which cryptographic attack relies on the concepts of probability theory?
Birthday
A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:
Spraying attack
Which password attack bypasses account-lockout policies?
Spraying attack
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is called:
Brute-force attack
One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.
True
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called:
IoC
An account lockout might indicate which type of malicious activity?
Password brute-forcing attempt
Which of the terms listed below most accurately describes a situation wherein a single account is being used from multiple locations/devices at the same time?
Concurrent session usage
Which of the following terms refers to a malicious activity indicator in a situation where a firewall or other security measure prevents an attempt to deliver a malicious payload or perform an unauthorized action?
Blocked content
Which of the terms listed below most accurately describes a situation wherein an account is accessed from a location that is physically impossible for the user to be in?
Impossible travel
The term “Out-of-cycle logging” refers to instances where systems or applications produce logs outside their regular intervals or in abnormal volumes, potentially signaling malicious activity.
True
Which of the following would indicate an attempt to hide evidence of malicious activity?
Missing logs