ITN 261 Chapter 12
12. Which technology can provide protection against session hijacking? A. IPsec B. UDP C. TCP D. IDS
A
13. Session fixation is a vulnerability in which of the following? A. Web applications B. Networks C. Software applications D. Protocols
A
1. Which statement defines session hijacking most accurately? A. Session hijacking involves stealing a user's login information and using that information to pose as the user later. B. Session hijacking involves assuming the role of a user through the compromise of physical tokens such as common access cards. C. Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine. D. Session hijacking involves only web applications and is specific to stealing session IDs from compromised cookies.
C
5. Which of the following is not a source of session IDs? A. URL B. Cookie C. Anonymous login D. Hidden login
C
6. Which kind of value is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion? A. Counted B. Bit C. Null D. IP
C
20. Session hijacking can do all of the following except which one? A. Take over an authenticated session B. Be used to steal cookies C. Take over a session D. Place a cookie on a server
D
This attack occurs when a malicious party injects browser-executable code within a single HTTP response. A. Reflected XSS B. Session Fixation C. URL Poisoning D. Stored XSS
Reflected XSS
This attack involves the disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account. A. XSS B. CSS C. CSRF D. Session Fixation
XSS
This attack redirects traffic to an inaccurate physical address mapping, usually the attacker's machine, putting the attacker's machine in the logical middle of all communications between the victim's machine and the authenticated host. A. Session splicing B. Denial-of-service C. Source routing D. ARP Cache Poisoning
D
10. Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she is unable to receive any of the responses. What does this scenario define? A. Switched network B. SSL encryption C. TCP hijacking D. Blind hijacking
D
11. Session hijacking can be performed on all of the following protocols except which one? A. FTP B. SMTP C. HTTP D. IPsec
D
16. A man-in-the-browser attack is typically enabled by using which mechanism? A. Virus B. Worms C. Logic bombs D. Trojans
D
19. A session hijack can be initiated from all of the following except which one? A. Emails B. Browsers C. Web applications D. Cookies and devices
D
4. Jennifer is a junior system administrator for a small firm of 50 employees. For the last week, a few users have been complaining of intermittently losing connectivity, with no suspect behavior on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large number of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing? A. ARP poisoning B. ARP caching C. ARP spoofing D. DNS spoofing
A
9. A public use workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user runs across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing? A. URL embedding B. Session embedding C. Hidden form embedding D. Tracking cookie
A
2. Jennifer has been working with sniffing and session-hijacking tools on her company network. Since she wants to stay white hat—that is, ethical—she has gotten permission to undertake these activities. What would Jennifer's activities be categorized as? A. Passive B. Monitoring C. Active D. Sniffing
A
18. A session hijack can happen with which of the following? A. Networks and applications B. Networks and physical devices C. Browsers and applications D. Cookies and devices
A
This vulnerability exists when an application fails to create a new session ID when a new user authenticates to the application. The attacker must induce a user to authenticate using a known session ID and then hijack the session. A. Reflected XSS B. Session Fixation C. URL Poisoning D. Stored XSS
Session Fixation
8. Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking? A. Breaking user logins B. Stealing session IDs C. Traffic redirection D. Resource DoS
Stealing session IDs
This attack is enabled by any web application that allows a visitor to store data when they visit the site. A. Reflected XSS B. Session Fixation C. URL Poisoning D. Stored XSS
Stored XSS