Intro to Cyber Security Unit 5 Quiz

What is a session token?

A random string assigned by a web server

What is the difference between a DoS and a DDoS attack?

DoS attacks use fewer computers than DDoS attacks

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect?

Host table and external DNS server

What type of attack intercepts legitimate communication and forges a fictitious response to the sender?

MITM

What type of attack involves manipulating third-party ad networks?

Malvertising

Which attack intercepts communications between a web browser and the underlying computer?

Man-in-the-browser (MITB)

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser?

Plug-ins

Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about?

Privilege escalation

Why are extensions, plug-ins, and add-ons considered to be security risks?

They have introduced vulnerabilities in browsers.

What is the basis of an SQL injection attack?

To insert SQL statements through unfiltered user input

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?

Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

Attackers who register domain names that are similar to legitimate domain names are performing ______.

URL hijacking

Which attack uses the user's web browser settings to impersonate that user?

XSRF

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing?

XSS

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?

integer overflow

A replay attack ______.

makes a copy of the transmission for use at a later time

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?

privilege escalation

Which of these is not a DoS attack?

push flood

Which action cannot be performed through a successful SQL injection attack?

reformat the web application server's hard drive

DNS poisoning ______.

substitutes DNS addresses so that the computer is automatically redirected to another device

