Test 8 Flashcards
Which of the answers listed below refers to a security vulnerability that enables inserting malicious code into input fields, such as search bars or login forms, to execute unauthorized commands on a database?
SQLi
Which of the following indicates an SQL injection attack attempt?
SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
Which of the answers listed below describe the characteristics of a cross-site scripting attack? (Select 3 answers)
Exploits the trust a user’s web browser has in a website
A malicious script is injected into a trusted website
User’s browser executes attacker’s script
Which of the following answers refers to a type of software embedded into a hardware chip?
Firmware
Which of the terms listed below refers to a situation in which a product or service may no longer receive security patches or other updates, making it more vulnerable to attack?
EOL
What is the main vulnerability related to legacy hardware?
Lack of security updates and patches
The term “VM escape” refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.
True
Which of the following answers refers to a virtualization-related vulnerability where virtualized assets allocated to one VM are improperly isolated and can be accessed or compromised by another VM?
Resource reuse
Which of the answers listed below refers to a cloud-related vulnerability type?
Insecure APIs
Poor access controls
Lack of security updates
Misconfigured cloud storage
Shadow IT / Malicious insiders
The practice of installing mobile apps from websites and app stores other than the official marketplaces is referred to as:
Sideloading
Which of the following terms is used to describe the process of removing software restrictions imposed by Apple on its iOS operating system?
Jailbreaking
The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:
Android devices
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is known as:
Zero-day attack
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs the requested action is called:
Ransomware
A Trojan horse is a type of software that performs harmful actions under the guise of a legitimate and useful program. The most characteristic feature of a Trojan horse is that while it may function as a legitimate program and possess all the expected functionalities, it also contains a concealed portion of malicious code that the user is unaware of.
True