ITN 260- Chapter 3

A web browser makes a request for a web page using the ________________.

Hypertext Transfer Protocol (HTTP)

A TCP/IP communication begins with a control message, known as a ________________, to initialize the connection.

SYN

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

C:\Inetpub\wwwroot

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

DNS

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.

True

Select below the string of characters that can be used to traverse up one directory level from the root directory:

../

A- An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
B- Injecting and executing commands to execute on a server
C- An attack that corrupts the ARP cache
D- A form of verification used when accessing a secure web application
E- An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
F- An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
G- Another name for locally shared object (LSO)
H- Part of the TCP/IP protocol for determining the MAC address based on the IP address.
I- An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.
J- An attack that injects scripts into a web application server to direct attacks at clients.

A- Ping Flood
B- Command Injection
C- ARP Poisoning
D- Session Token
E- Buffer Overflow Attack
F- Smurf Attack
G- Flash Cookie
H- Address Resolution Protocol (ARP)
I- DNS Poisoning
J- Cross-site scripting (XSS)

The predecessor to today's Internet was a network known as ____________________.

ARPAnet

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

DNS poisoning

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

Drive-by-Download

Because of the minor role it plays, DNS is never the focus of attacks.

False

Because XSS is a widely known attack, the number of Web sites that are vulnerable is very small.

False

What language below is designed to display data, with a primary focus on how the data looks?

HTML

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

HTTP header

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Privilege Escalation

Which type of attack below is similar to a passive man-in-the-middle attack?

Replay

To what specific directory are users generally restricted on a web server?

Root

Attacks that take place against web-based services are considered to be what type of attack?

Server-side

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Session Hijacking

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

Tags

ARP poisoning is successful because there are no authentication procedures to verify ARP requests and replies.

True

Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.

True

What language below is for the transport and storage of data, with the focus on what the data is?

XML

The exchange of information among DNS servers regarding configured zones is known as:

Zone Transfer

Which SQL injection statement example below could be used to discover the name of the table?

whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?

whatever' AND email IS NULL; --

Choose the SQL injection statement example below that could be used to find specific users:

whatever' OR full_name LIKE '%Mia%'

