Vulnerabilities and Impacts Flashcards
You’re reviewing a custom web application and accidentally type a number in a text field. The application returns an error message containing variable names, filenames, and the full path of the application. This is an example of which of the following?
Resource exhaustion
Improper error handling
Generic error message
Improper error handling
When an application fails to properly trap an error and instead returns raw diagnostic output (variable names, file names, the full installation path) to the user, this is known as improper error handling. Those details tell an attacker how the application is built and where it lives on the server. Detailed errors should be logged server-side; the user should see only a generic message
A web server in your organization has been defaced. The server is patched and properly configured as far as anyone can tell. Your logs show unusual traffic from external IP addresses just before the defacement occurred. It’s possible your server was attacked by which of the following?
Misconfiguration attack
Insider threat
Zero day exploit
Zero day exploit
If a completely patched, properly configured server is successfully attacked, the most likely culprit is a zero day exploit. A zero day exploit targets a vulnerability the vendor does not yet know about (it has had "zero days" to fix it), so no patch exists and even a fully patched, correctly configured system remains exposed until the vendor learns of the flaw and ships a fix
You’re working with a group testing a new application. You’ve noticed that when three or more of you click Submit on a specific form at the same time, the application crashes every time. This is most likely an example of which of the following?
A race condition
A nondeterministic error
Undocumented feature
A race condition
This is most likely an example of a race condition: an error that occurs when the outcome of an operation depends on the sequence or timing of inputs or events that the code does not control. Here, three simultaneous submissions arrive in an order, or at overlapping times, the application did not anticipate, and it crashes because it handles the concurrent inputs incorrectly. The telltale sign is that the crash reproduces only under concurrent use and never with a single user
Which of the following is a vulnerability related to a lack of vendor support?
The product has been declared “end-of-life” by the vendor.
The vendor is no longer in business.
The vendor does not support nonstandard configurations for its products.
All of the above.
All of the above.
All of these are potential vulnerabilities associated with a lack of vendor support. When a vendor declares a product end-of-life, it normally ends support for that product and will provide no updates, patches, or maintenance even if critical vulnerabilities are later discovered. A vendor that no longer exists clearly can't provide support or patches. Vendors that support only specific configurations may not provide maintenance, features, or patches that allow their product to work securely in your particular environment
An externally facing web server in your organization keeps crashing. Looking at the server after a reboot, you notice CPU usage is pegged and memory usage is rapidly climbing. The traffic logs show a massive amount of incoming HTTP and HTTPS requests to the server. Which type of attack is this web server experiencing?
Input validation
Distributed error handling
Resource exhaustion
Resource exhaustion
Resource exhaustion is the state in which a system no longer has the CPU, memory, bandwidth, or other resources it needs to keep functioning. Here the flood of HTTP/HTTPS requests consumes CPU and memory faster than the server can free them, a denial-of-service (DoS) condition; when the requests come from many sources at once, it is a distributed denial of service (DDoS)
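The usual first line of defence against a single source eating the server is per-client rate limiting. The token bucket below is an added example written for this page, not code from the flashcard set or any product it mentions; the bucket size (20 requests), refill rate (10 per second), client addresses and request timings are all constructed for illustration. It is deliberately integer-only (milli-tokens and millisecond timestamps) so the accounting is exact.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Token bucket, one per client address. A client may burst up to
 * `capacity` requests and is then limited to `refill_per_sec` sustained.
 * Tokens are held in thousandths so the arithmetic stays exact.
 */
struct bucket {
    uint32_t client_ip;       /* IPv4 address the bucket belongs to */
    int64_t  tokens_milli;    /* current tokens * 1000 */
    int64_t  capacity_milli;  /* maximum tokens * 1000 */
    int64_t  refill_per_sec;  /* tokens added per second (== milli-tokens per ms) */
    int64_t  last_ms;         /* timestamp of the last refill */
};

void bucket_init(struct bucket *b, uint32_t ip, int64_t capacity,
                 int64_t refill_per_sec, int64_t now_ms)
{
    b->client_ip      = ip;
    b->capacity_milli = capacity * 1000;
    b->tokens_milli   = b->capacity_milli;   /* start full */
    b->refill_per_sec = refill_per_sec;
    b->last_ms        = now_ms;
}

/* Returns 1 if the request may proceed, 0 if the client is over its rate. */
int bucket_allow(struct bucket *b, int64_t now_ms)
{
    int64_t elapsed_ms = now_ms - b->last_ms;
    if (elapsed_ms > 0) {
        /* refill_per_sec tokens per 1000 ms == refill_per_sec milli-tokens per ms */
        b->tokens_milli += elapsed_ms * b->refill_per_sec;
        if (b->tokens_milli > b->capacity_milli)
            b->tokens_milli = b->capacity_milli;
        b->last_ms = now_ms;
    }
    if (b->tokens_milli >= 1000) {
        b->tokens_milli -= 1000;
        return 1;
    }
    return 0;
}

/* Constructed traffic: one client sends n requests spaced gap_ms apart. */
int count_accepted(struct bucket *b, int64_t start_ms, int n, int64_t gap_ms)
{
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += bucket_allow(b, start_ms + (int64_t)i * gap_ms);
    return accepted;
}

int main(void)
{
    struct bucket flood, polite;
    /* Constructed clients: 10.0.0.1 hammers the server, 10.0.0.2 behaves. */
    bucket_init(&flood,  0x0A000001u, 20, 10, 0);
    bucket_init(&polite, 0x0A000002u, 20, 10, 0);

    /* 1000 requests in one second versus 100 requests at 10 per second. */
    printf("flood : %d of 1000 accepted\n", count_accepted(&flood, 0, 1000, 1));
    printf("polite: %d of 100 accepted\n",  count_accepted(&polite, 0, 100, 100));
    return 0;
}
```

The flooding client gets its 20-request burst plus whatever refills during the second (9 more), and everything else is dropped before it costs real work; the client that stays at the refill rate is never throttled. A per-address limiter only helps against a single noisy source, which is why a distributed flood still needs upstream filtering or scrubbing.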
A colleague on your team takes three times longer than you do to complete common tasks in a particular application. When you go to help him, you notice immediately that he doesn’t use any of the shortcuts designed into the application. When you ask him why he is not using shortcuts, he tells you he didn’t know the shortcuts exist. This is an example of which of the following?
An untrained user
Improper application configuration
Memory leak
An untrained user
Your colleague is an untrained user. Untrained users are users who do not know how to operate a system efficiently or securely because they haven’t received training associated with the system’s capabilities
Your organization is considering using a new ticket identifier with your current help desk system. The new identifier would be a 16-digit integer created by combining the date, time, and operator ID. Unfortunately, when you’ve tried using the new identifier in the “ticket number” field on your current system, the application crashes every time. The old method of using a 5-digit integer works just fine. This is most likely an example of which of the following?
Zero day vulnerability
Memory leak
Integer overflow
Integer overflow
An integer overflow is a programming error that occurs when a program attempts to store a numeric value in an integer variable that is too small to hold it. A 32-bit signed integer holds at most 2,147,483,647 (ten digits), so a 5-digit ticket number fits comfortably, while a 16-digit number cannot be represented at all and needs a 64-bit integer. Depending on the language and the conversion used, the oversized value either wraps silently, corrupting the ticket number, or raises an unhandled conversion error, which is consistent with the crash observed here
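The defensive fix is to parse the identifier with range checking rather than an unchecked conversion. The C below is an added example for this page, not code from the flashcard set or the help desk product; the 32-bit field width, the legacy value 48213 and the constructed 16-digit identifier 2024011509301234 (date, time, operator ID) are assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Return codes for parse_ticket_id(). */
enum { TICKET_OK = 0, TICKET_BAD_FORMAT = -1, TICKET_OUT_OF_RANGE = -2 };

/*
 * Parse a decimal ticket identifier into the 32-bit field the legacy
 * system uses. Unlike atoi(), which is undefined on overflow, this rejects
 * values that do not fit instead of truncating them or crashing.
 */
int parse_ticket_id(const char *text, int32_t *out)
{
    char *end = NULL;
    errno = 0;
    long long value = strtoll(text, &end, 10);

    if (end == text || *end != '\0')      /* empty, or not a pure decimal number */
        return TICKET_BAD_FORMAT;
    if (errno == ERANGE)                  /* did not even fit in 64 bits */
        return TICKET_OUT_OF_RANGE;
    if (value < 0 || value > INT32_MAX)   /* fits in 64 bits, not in the 32-bit field */
        return TICKET_OUT_OF_RANGE;

    *out = (int32_t)value;
    return TICKET_OK;
}

/*
 * What an unchecked narrowing does to the value: the conversion of an
 * out-of-range value to int32_t is implementation-defined in C (GCC and
 * Clang wrap modulo 2^32), so the stored field never equals the input.
 */
int64_t narrow_without_check(int64_t value)
{
    int32_t field = (int32_t)value;
    return field;
}

int main(void)
{
    const char *legacy   = "48213";              /* constructed 5-digit id */
    const char *proposed = "2024011509301234";   /* constructed 16-digit id */
    int32_t id = 0;

    printf("%s -> %s\n", legacy,
           parse_ticket_id(legacy, &id) == TICKET_OK ? "accepted" : "rejected");
    printf("%s -> %s\n", proposed,
           parse_ticket_id(proposed, &id) == TICKET_OK ? "accepted" : "rejected");
    printf("unchecked narrowing of %s stores %lld\n", proposed,
           (long long)narrow_without_check(2024011509301234LL));
    return 0;
}
```

The checked parser rejects the new identifier cleanly instead of crashing, which turns the flashcard's crash into an actionable validation error; the real remedy for the new ticket scheme is to widen the field to 64 bits.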
While examining a laptop infected with malware, you notice the malware loads on startup and also loads a file called netutilities.dll each time Microsoft Word is opened. This is an example of which of the following?
Zero day exploit
DLL injection
System infection
DLL injection
This is an example of DLL injection. DLL injection is the process of causing a running program to load, at run time, a DLL the attacker controls, so the attacker's code executes inside that program's process with its privileges and its appearance of legitimacy. Here the malware has arranged for netutilities.dll to be loaded into Microsoft Word's process every time Word starts, a common way to persist and to hide malicious activity behind a trusted application
You’re providing incident response services for a small company after a breach. The first thing you notice is the entire network is completely flat once you get behind the firewall. Services, user workstations, and printers are all on the same subnet with no VLANs or network segmentation. This is an example of what type of weakness?
Architecture/design weakness
Network traversal weakness
TCP overflow weakness
Architecture/design weakness
A flat network with no segmentation lets an attacker who compromises any single host (a printer, a workstation) reach every server directly, making lateral movement and access to sensitive data far easier. The problem lies with how the network was designed and built, not with any individual host, so this is known as an architecture/design weakness
A web application you are reviewing has an input field for username and indicates the username should be between 6 and 12 characters. You’ve discovered that if you input a username 150 characters or more in length, the application crashes. What is this an example of?
Memory leak
Buffer overflow
Directory traversal
Buffer overflow
This is a fairly classic example of a buffer overflow. The input routine does not validate the provided input to ensure a maximum of 12 characters are received and processed; the length rule exists only as a hint in the user interface. The application tries to store all 150 or more characters of the username in a buffer sized for 12, so adjacent memory is overwritten and the application crashes. A crash is the benign outcome: an attacker who controls the overwritten bytes can often turn the same bug into code execution
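The vulnerable copy next to its hardened form, in C, as an added example for this page and not code from the application under review. The 13-byte buffer (12 characters plus terminator), the function names and the 150-character input are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MIN 6
#define USERNAME_MAX 12
#define USERNAME_BUF (USERNAME_MAX + 1)   /* 12 characters plus NUL terminator */

/*
 * Vulnerable version: the 6-12 character rule shown in the UI is not
 * enforced here, so strcpy() writes every byte of the supplied string and a
 * 150-character username runs past the 13-byte buffer into adjacent memory.
 * Kept to show the defect; never call it with untrusted input.
 */
void store_username_unsafe(char dest[USERNAME_BUF], const char *input)
{
    strcpy(dest, input);   /* no bound: overflow whenever strlen(input) > USERNAME_MAX */
}

/* Length of s, but never scanning more than max bytes (a hostile input may be huge). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/*
 * Hardened version: validate the length before touching the buffer and use
 * a bounded copy. Returns 0 on success, -1 if the input is rejected.
 */
int store_username_safe(char dest[USERNAME_BUF], const char *input)
{
    /* If the scan reaches USERNAME_BUF the input is at least 13 characters. */
    size_t len = bounded_len(input, USERNAME_BUF);
    if (len < USERNAME_MIN || len > USERNAME_MAX)
        return -1;
    memcpy(dest, input, len);
    dest[len] = '\0';
    return 0;
}

/* How many bytes of a given input would spill past the buffer if copied unchecked. */
size_t overflow_bytes(const char *input)
{
    size_t needed = strlen(input) + 1;   /* include the terminator */
    return needed > USERNAME_BUF ? needed - USERNAME_BUF : 0;
}

int main(void)
{
    char buf[USERNAME_BUF];
    char hostile[151];                    /* constructed 150-character username */
    memset(hostile, 'A', 150);
    hostile[150] = '\0';

    store_username_unsafe(buf, "alice_01");   /* safe only because the input is short */
    printf("unsafe stored: %s\n", buf);
    printf("hostile input would overflow by %zu bytes\n", overflow_bytes(hostile));
    printf("safe accepts alice_01: %s\n", store_username_safe(buf, "alice_01") == 0 ? "yes" : "no");
    printf("safe accepts hostile : %s\n", store_username_safe(buf, hostile) == 0 ? "yes" : "no");
    return 0;
}
```

The hardened routine enforces the same 6-12 rule the UI advertises, in the one place that matters, and it bounds even the length scan so an attacker cannot make it read arbitrarily far.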
You’ve been asked to help address some findings from a recent PCI (Payment Card Industry) audit, one of which is support for SSL 2.0 on a web server. Your CFO wants to know why SSL 2.0 support is a problem. You tell her SSL 2.0 support is an example of which of the following vulnerabilities?
Separation of duties
Resource exhaustion
Weak cipher suites
Weak cipher suites
SSL 2.0 is an example of a weak cipher suite. The cipher suites SSL 2.0 negotiates include export-grade ciphers that are cryptographically insecure, and the protocol itself is flawed as well: its handshake is not integrity-protected, so an attacker can force a downgrade to the weakest cipher offered. SSL 2.0 has been formally prohibited in TLS implementations since RFC 6176 (2011), which is why its presence is an audit finding. In practice, leaving it enabled means an attacker who can intercept a session can "break" the protection and read the content you are trying to protect
Your organization is having issues with a custom web application. The application seems to run fine for a while but starts to lock up or crash after 7 to 10 days of continuous use. Examining the server, you notice that memory usage seems to climb every day until the server runs out of memory. The application is most likely suffering from which of the following?
Memory leak
Overflow leak
Zero day exploit
Memory leak
Memory leaks are programming errors in which a program allocates memory and never releases it once it is no longer needed. Each leaked allocation is small, but a long-running process that leaks on every request accumulates them until the system runs out of memory and the process locks up or crashes. The steady daily climb in memory usage with no corresponding drop is the characteristic signature, and it explains why the application survives a short test run yet fails after 7 to 10 days of continuous use
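A leaking request handler beside a fixed one, instrumented so the leak is measurable rather than just visible in a process monitor. This is an added example for this page, not code from the custom application described; the request context structure, the handler functions, the live-block counter and the simulated traffic are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Instrumented allocator: counts blocks currently allocated and not freed. */
static long live_blocks = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { live_blocks--; free(p); }
}

long live_allocations(void) { return live_blocks; }

/* Per-request state, like the session object a web application builds per hit. */
struct request_ctx {
    char  *body;
    size_t len;
};

/*
 * Leaky handler: every path out of the function, including the success
 * path, abandons the blocks it allocated. Two blocks leak per request.
 */
int handle_request_leaky(const char *body)
{
    struct request_ctx *ctx = tracked_malloc(sizeof *ctx);
    if (!ctx) return -1;
    ctx->len  = strlen(body);
    ctx->body = tracked_malloc(ctx->len + 1);
    if (!ctx->body) return -1;          /* ctx leaked on this error path */
    memcpy(ctx->body, body, ctx->len + 1);
    if (ctx->len == 0) return 400;      /* early return: both blocks leaked */
    return 200;                         /* "success": both blocks leaked too */
}

/* Fixed handler: one exit path that releases everything it acquired. */
int handle_request_fixed(const char *body)
{
    int status = -1;
    struct request_ctx *ctx = tracked_malloc(sizeof *ctx);
    if (!ctx) return -1;
    ctx->len  = strlen(body);
    ctx->body = tracked_malloc(ctx->len + 1);
    if (!ctx->body) goto out;
    memcpy(ctx->body, body, ctx->len + 1);
    status = (ctx->len == 0) ? 400 : 200;
out:
    tracked_free(ctx->body);            /* tracked_free(NULL) is a no-op */
    tracked_free(ctx);
    return status;
}

/* Drive a handler through `requests` hits (every tenth one with an empty
   body) and return how many blocks are still live afterwards. */
long simulate_uptime(int (*handler)(const char *), long requests)
{
    long before = live_blocks;
    for (long i = 0; i < requests; i++)
        handler((i % 10 == 0) ? "" : "GET /index.html");
    return live_blocks - before;
}

int main(void)
{
    printf("leaky handler after 1000 requests: %ld live blocks\n",
           simulate_uptime(handle_request_leaky, 1000));
    printf("fixed handler after 1000 requests: %ld live blocks\n",
           simulate_uptime(handle_request_fixed, 1000));
    return 0;
}
```

The leaky count grows linearly with request volume, which is exactly the "climbs every day" curve in the question; on a real process the same measurement comes from a heap profiler or a leak checker such as Valgrind or AddressSanitizer's LeakSanitizer rather than a hand-rolled counter.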
While examining internal network traffic, you notice a large amount of suspicious traffic coming from an IP address in the development environment. The IP address isn’t listed on any network diagram and shouldn’t be active on your network as far as you can tell. When you ask the developers about it, one of them tells you he set up that server over 12 months ago for a temporary project and forgot all about it. This is an example of which of the following?
Single server contingency
DLL injection
Undocumented asset
Undocumented asset
This is a good example of an undocumented asset. The server was added to the environment, but the appropriate network documentation was never updated
While auditing an organization, you discover that new users are added to the domain by sending an e-mail request to the IT department, but the e-mails don’t always come from Human Resources, and IT doesn’t always check with HR to ensure the new user request corresponds to an authorized user. This is an example of which of the following?
Process overflow
Vulnerable business process
Insider threat
Vulnerable business process
This is an example of a vulnerable business process. If IT is creating new user accounts based on e-mails it receives without validating that the requests are valid, then an attacker could take advantage of this process
Which of the following is an example of an embedded system?
A user workstation
A web server
A network-enabled thermostat
A network-enabled thermostat
The network-enabled thermostat is an example of an embedded system. This device is a stand-alone, single-purpose system that is a component of a larger system (the HVAC system in this case)