Chapter 5 - CIT 270

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What two locations can be a target for DNS poisoning? (Choose all that apply.)

A. Local Host Table B. External DNS Serve

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?

ARP

Where are MAC addresses stored for future reference?

ARP Cache

What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?

ARP Poisoning

What type of privileges to access hardware and software resources are granted to users or devices?

Access rights

What are the two types of cross-site attacks? (Choose all that apply.)

Cross-site sripting attacks Cross-site request forgery attacks

What type of attack is being performed when multiple computers overwhelm a system with fake requests?

DDoS

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

DNS

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

DNS poisoning

What technology expands the normal capabilities of a web browser for a specific webpage?

Extensions

A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer. False or True?

False

Securing web applications is easier than protecting other systems. True of false?

False

The malicious content of an XSS URL is confined to material posted on a website. True or False?

False

The malicious content of an XSS URL is confined to material posted on a website? True of false?

False

The return address is the only element that can be altered in a buffer overflow attack. True or False?

False

What specific ways can a session token be transmitted? (Choose all that apply.)

In the URL In the header of the HTTP requisition

What type of web server application attacks introduce new input to exploit a vulnerability?

Injection attacks

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? integer overflow number overflow heap overflow buffer overflow

Integer overflow

What type of additional attack does ARP spoofing rely on?

MAC Spoofing

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? Plug-ins Scripts Extensions Add-ons

Plug-ins

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Privilege escalation

What language below is used to view and manipulate data that is stored in a relational database?

SQL

What language below is used to view and manipulate data that is stored in a relational database? -ISL -SQL -DQL -C

SQL

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Session hijacking

Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?

Smurf Attack

What criteria must be met for an XXS attack to occur on a specific website?

The website must accept user input without validating it and use that input in a response.

A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it. True or False?

True

A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer True or false?

True

In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow. True or False?

True

JavaScript cannot create separate stand-alone applications. True or False?

True

Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks True or False?

True

XSS is like a phishing attack but without needing to trick the user into visiting a malicious website. True or False?

True

Attackers who register domain names that are similar to legitimate domain names are performing

URL hijacking

If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known website in order for the attacker to gain Web traffic to generate income, what type of attack are they using?

URL hijacking

Which attack uses the user's web browser settings to impersonate that user? XSRF Session hijacking Domain hijacking XDD

XSRF

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? XSS DDoS DNS XSRF SQL

XSS

The exchange of information among DNS servers regarding configured zones is known as

Zone transfer

What type of additional attack does ARP spoofing rely on? a. MAC spoofing b. replay c.MITB d. DNS Poisoning

a. MAC spoofing

What type of attack intercepts legitimate communication and forges a fictitious response to the sender? a. MITM b. SQL intrusion c. SIDS d. interceptor

a. MITM

An attack that takes advantage of the procedures for initiating a session is known as what type of attack? a. SYN flood attack b. DNS amplification attack c. Smurf attack d. IP spoofing

a. SYN flood attack

When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack? a. denial of service b. blocking c. MITM d. spoofing

a. denial of service

What type of attack involves manipulating third-party ad networks? a. Session advertising b. Malvertising c. Clickjacking d. Directory traversal

b. Malvertising

What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? a. pointer hack b. domain hijacking c. DNS spoofing d. clickjacking

b. domain hijacking

What type of attack intercepts communication between parties to steal or manipulate the data? a. MAC spoofing b. man-in-the-browser c. replay d. ARP poisoning

b. man-in-the-browser

Which of the following are considered to be interception attacks? (Choose all that apply.) a. amplification attack b. replay attacks c. denial of service d. man-in-the-middle

b. replay attacks d. man-in-the-middle

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? a. Web server buffer and host DNS server b. Reply referrer and domain buffer c. Host table and external DNS server d. Web browser and browser add-on

c. Host table and external DNS server

What is the difference between a DoS and a DDoS attack? a. DoS attacks do not use DNS servers as DDoS attacks do b. DoS attacks are faster than DDoS attacks c. DoS attacks user more memory than a DDoS attack d. DoS attacks use fewer computers than DDoS attacks

d. DoS attacks use fewer computers than DDoS attacks

Choose the SQL injection statement example below that could be used to find specific users: a. whatever' OR full_name IS '%Mia%' b. whatever' OR full_name = '%Mia%' c. whatever' OR full_name equals '%Mia%' d. whatever' OR full_name LIKE '%Mia%'

d. whatever' OR full_name LIKE '%Mia%'

Which type of attack below is similar to a passive man-in-the-middle attack?

replay

Which SQL injection statement example below could be used to discover the name of the table?

whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? whatever' AND email IS NULL; -- whatever; AND email IS NULL; - whatever AND email IS NULL; -- whatever" AND email IS NULL; --

whatever' AND email IS NULL; --


Kaugnay na mga set ng pag-aaral

Introduction to Statistics Quiz - Intro Research Design Analysis

View Set

chapter 18 and 19 personality of psychology

View Set

Cumulative Exam Semester II Review

View Set

2.04 Quiz: Review of Equations 2

View Set

Phlebotomy Essentials 6th edition. ALL quizzes, ALL ch. tests, GRADED work, NOT guesses. PLUS, the FULL NAHP study guide

View Set

ANTH 1101 Peoples and Cultures (Section 1: Understanding & Studying Culture)

View Set

Gerontology Dynamic quiz practice questions

View Set