ITN-260 Chapter 3
What language below is used to view and manipulate data that is stored in a relational database? a. SML b. HTML c. SQL d. SGML
SQL
The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below? a. C:\wwwroot b. /var/www c. C:\Inetpub\wwwroot d. /var/html
C:\Inetpub\wwwroot
XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user. True False
True
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: a. SML b. HTML c. DNS d. ARP
c. DNS
Select below the string of characters that can be used to traverse up one directory level from the root directory: a. ./ b. %20/ c. ;/ d. ../
../
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? a. Phishing b. DNS marking c. DNS overloading d. DNS poisoning
DNS poisoning
What language below is designed to display data, with a primary focus on how the data looks? a. SML b. HTML c. SGML d. XML
HTML
What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted? a. SSL header b. HTTP header c. XML header d. HTML header
HTTP header
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? a. Man-in-the-middle b. Privilege escalation c. DNS cache poisoning d. ARP poisoning
Privilege escalation
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: a. Session blocking b. Session spoofing c. Session hijacking d. Session replay
Session hijacking
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks. True False
True
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small. False True.
True
What language below is for the transport and storage of data, with the focus on what the data is? a. SML b. HTML c. SGML d. XML
XML
Which type of attack below is similar to a passive man-in-the-middle attack? a. hijacking b. denial c. replay d. buffer overflow
replay
HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format? a. taps b. tags c. blocks d. marks
tags
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? a. whatever; AND email IS NULL; -- b. whatever" AND email IS NULL; -- c. whatever' AND email IS NULL; -- d. whatever AND email IS NULL; --
whatever' AND email IS NULL; --
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? a. whatever; AND email IS NULL; -- b. whatever' AND email IS NULL; -- c. whatever" AND email IS NULL; -- d. whatever AND email IS NULL; --
whatever' AND email IS NULL; --
Choose the SQL injection statement example below that could be used to find specific users: a. whatever' OR full_name = '%Mia%' b. whatever' OR full_name equals '%Mia%' c. whatever' OR full_name LIKE '%Mia%' d. whatever' OR full_name IS '%Mia%'
whatever' OR full_name LIKE '%Mia%'
Which SQL injection statement can be used to erase an entire database table? a. whatever'; DELETE TABLE members; -- b. whatever'; DROP TABLE members; -- c. whatever'; RENAME TABLE members; -- d. whatever'; UPDATE TABLE members; --
whatever'; DROP TABLE members; --