Module 3 Virtual Labs

Which of the following statements are true for a zero-day attack?

A zero-day attack is impossible to detect as it exploits the unknown vulnerabilities A zero-day vulnerability can only be discovered when the software is deployed

What term best describes the link to the device platform that allows a developer to access resources at a higher level.

API

Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?

Buffer Overflow

Which of the following code provides instructions to the hardware?

Firmware

software apps installed on a device before the purchase are known as which of the following?

PUP

For which of the following Windows versions, Microsoft has stopped providing support services?

Windows XP Windows 7

Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?

cross site scripting

Which of the following is known as out-of-the-box configuration?

default settings

An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?

directory listing

Which of the following attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?

error based sql injection

Which of the following provides unauthorized access to another user's system resources or application files at the same level/role within an organization?

horizontal privilege esculation

Which of the following is also known as a "dot dot slash" attack?

path traversal

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?

session hijacking