Chapter 6
Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place? Cross site request forgery Server side request forgery Command injection Buffer overflow
Buffer overflow
Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance? Code signing Code endorsement Code encryption Code obfuscation
Code signing
Which of the following measures would database administrators consider to be the best defense against data exposure? Normalization Data minimization Tokenization Hashing
Data minimization
When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment. Test Development Staging Production
Development
Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal? Elasticity Scalability Agility Cost effectiveness
Elasticity
Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting? Mutation testing Static code analysis Dynamic code analysis Fuzzing
Fuzzing
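As an added illustration of the answer above (not part of the original flashcard set), the block below is a minimal mutation fuzzer driving a small, deliberately buggy binary-record parser. The record format, the parser, the seed inputs and the function names are all constructed for this example. The parser is meant to reject malformed input with its own RecordError; the fuzzer's job is to find inputs that escape that contract and surface some other exception, which is exactly what fuzzing is for.

```python
"""Mutation fuzzing against a toy TLV parser (constructed example)."""
import random
import struct


class RecordError(ValueError):
    """Clean rejection of malformed input: the parser's intended failure mode."""


def parse_record(data: bytes) -> dict:
    """Parse a toy record: 1-byte field count, then per field a 1-byte tag,
    a 1-byte length and the payload. Tag 1 = ASCII text, tag 2 = big-endian
    uint32. Truncated input should raise RecordError; one check is missing."""
    if len(data) < 1:
        raise RecordError("empty record")
    count, pos, fields = data[0], 1, {}
    for i in range(count):
        if pos + 2 > len(data):
            raise RecordError(f"field {i}: header truncated")
        tag, length = data[pos], data[pos + 1]
        payload = data[pos + 2 : pos + 2 + length]
        if len(payload) != length:
            raise RecordError(f"field {i}: payload truncated")
        if tag == 1:
            fields[i] = payload.decode("ascii", errors="replace")
        elif tag == 2:
            # BUG (deliberate): length is never checked against 4, so a mutated
            # length byte makes struct.unpack raise struct.error, not RecordError.
            fields[i] = struct.unpack(">I", payload)[0]
        else:
            raise RecordError(f"field {i}: unknown tag {tag}")
        pos += 2 + length
    return fields


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: overwrite a byte, delete a byte, or truncate."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    else:
        del buf[rng.randrange(len(buf) + 1):]  # truncate at a random point
    return bytes(buf)


def fuzz(seeds, iterations: int = 2000, seed: int = 1) -> list:
    """Mutate the seeds, feed each result to the parser, and keep every input
    that triggers an exception other than the parser's own RecordError."""
    rng = random.Random(seed)  # seeded so a run is reproducible
    crashes = []
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            parse_record(data)
        except RecordError:
            pass  # invalid input rejected cleanly: not a finding
        except Exception as exc:
            crashes.append((data, type(exc).__name__))
    return crashes


# Constructed valid seed records (not captured from any real system).
SEEDS = [
    bytes([2, 1, 5]) + b"hello" + bytes([2, 4]) + struct.pack(">I", 4242),
    bytes([1, 2, 4]) + struct.pack(">I", 7),
]

if __name__ == "__main__":
    for data, exc_name in fuzz(SEEDS)[:5]:
        print(f"{exc_name}: {data.hex()}")
```

Running it prints a handful of crashing inputs whose exception name is `error` (struct.error), each of which reproduces deterministically by calling `parse_record` on the saved bytes; that reproducer is what a fuzzing finding hands to the developer, who then adds the missing `length != 4` check.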
Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use? Man in the middle Session hijacking Buffer overflow Meet in the middle
Man in the middle
Precompiled SQL statements that only require variables to be input are an example of what type of application security control? Parameterized queries Encoding Data Input validation Appropriate access controls
Parameterized queries
Place the phases of the software development life cycle in order: Planning, Requirements, Design, Coding, Testing, Training and Transition, Ongoing Operations and Maintenance.
Planning -> Requirements -> Design -> Coding -> Testing -> Training and Transition -> Ongoing Operations and Maintenance
Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack which will require a __________ to be successful. Session ticket Session cookie Username User password
Session cookie
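As an added illustration of the answer above (not part of the original flashcard set), the block below is a toy session store showing why a captured cookie is all a hijacker needs, beside a hardened variant that binds the session to the client. The users, the request dictionaries, the fingerprint scheme and all names are constructed for this example.

```python
"""Why a session cookie alone authenticates, and one mitigation (constructed example)."""
import hashlib
import hmac
import secrets

# Constructed credential store; plaintext only to keep the example short.
USERS = {"alice": "correct horse"}


class SessionStore:
    """Maps random cookie values to the authenticated username."""

    def __init__(self):
        self.sessions = {}

    def login(self, username: str, password: str):
        expected = USERS.get(username, "")
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        # token_urlsafe(32) is unguessable, so the cookie must be stolen, not predicted.
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = username
        return cookie

    def whoami(self, cookie: str):
        """The server trusts the cookie alone: whoever presents it is the user."""
        return self.sessions.get(cookie)

    def logout(self, cookie: str):
        self.sessions.pop(cookie, None)


def fingerprint(client: dict) -> str:
    """Hash of request attributes a hijacker is unlikely to reproduce exactly
    (User-Agent and source IP, taken from a constructed request dict)."""
    raw = client["user_agent"] + "|" + client["ip"]
    return hashlib.sha256(raw.encode()).hexdigest()


class BoundSessionStore(SessionStore):
    """Stores the client fingerprint with the session and rejects a cookie
    replayed from a client whose fingerprint differs."""

    def login(self, username: str, password: str, client: dict = None):
        cookie = super().login(username, password)
        if cookie is not None:
            self.sessions[cookie] = (username, fingerprint(client))
        return cookie

    def whoami(self, cookie: str, client: dict = None):
        entry = self.sessions.get(cookie)
        if entry is None:
            return None
        username, fp = entry
        if not hmac.compare_digest(fp, fingerprint(client)):
            self.logout(cookie)  # treat the mismatch as a hijack and kill the session
            return None
        return username


def demo() -> dict:
    victim = {"user_agent": "Mozilla/5.0 (X11; Linux)", "ip": "198.51.100.7"}
    attacker = {"user_agent": "curl/8.0", "ip": "203.0.113.9"}

    plain = SessionStore()
    cookie = plain.login("alice", "correct horse")
    hardened = BoundSessionStore()
    bcookie = hardened.login("alice", "correct horse", client=victim)
    return {
        "replayed_cookie": plain.whoami(cookie),        # no username or password needed
        "guessed_cookie": plain.whoami("session=1"),    # predictable guess fails
        "bound_victim": hardened.whoami(bcookie, client=victim),
        "bound_attacker": hardened.whoami(bcookie, client=attacker),
        "bound_victim_after": hardened.whoami(bcookie, client=victim),  # session was killed
    }


if __name__ == "__main__":
    print(demo())
```

The first store shows the card's point: once the cookie is captured (sniffed, leaked by XSS, or logged) the attacker is alice without ever seeing a password. The bound store makes a replay from a different client fail, at the cost of also logging the real user out when their fingerprint changes (a new IP on mobile, for instance); in practice the fingerprint is paired with short session lifetimes, rotation on privilege change, and Secure/HttpOnly cookie flags rather than relied on alone.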