Security+ Chapter 7
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
Which of the following is used to refer to any sophisticated series of related attacks taking place over an extended period of time?
APT
A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
Code review
Which of the following are subject to SQL injection attacks?
Database servers
You visit a website and a pop-up appears that says your PC has been infected by a virus and you must click on the link in the pop-up in order to remove the virus. You click on the link and malware is installed on your PC. Which type of attack has occurred?
Drive-by download
Which of the following enters random data into the inputs of an application?
Fuzzing
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
Hacktivist
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following:
Implement the principle of least privilege
Implement data loss prevention (DLP) measures
Place servers and networking equipment in a locked server room
Which type of threat actor do these steps guard against?
Insider
After an investigation, it has been determined that a particular hacker presents an advanced persistent threat and is purely financially motivated. Which type of threat actor is this most likely?
Organized crime
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
Which of the following terms refers to the process of establishing a standard for security?
A. Baselining
B. Security evaluation
C. Hardening
D. Methods research
a
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a NOS?
A. Common Criteria
B. Hardening
C. Encryption
D. Networking
b