Security+ Chapter 7


You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Which of the following is used to refer to any sophisticated series of related attacks taking place over an extended period of time?

APT

A programmer who fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?

Code review

Which of the following are subject to SQL injection attacks?

Database servers

You visit a website and a pop-up appears that says your PC has been infected by a virus and you must click on the link in the pop-up in order to remove the virus. You click on the link and malware is installed on your PC. Which type of attack has occurred?

Drive-by download

Which of the following enters random data into the inputs of an application?

Fuzzing

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?

Hacktivist

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

Input validation

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: implement principle of least privilege; implement data loss prevention measures (DLP); place servers and networking equipment in a locked server room. Which type of threat actor do these steps guard against?

Insider

After an investigation it has been determined that a particular hacker presents an advanced persistent threat and is purely financially motivated. Which type of threat actor is this most likely?

Organized crime

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS

Which of the following terms refers to the process of establishing a standard for security?
A. Baselining
B. Security evaluation
C. Hardening
D. Methods research

a

You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a NOS?
A. Common Criteria
B. Hardening
C. Encryption
D. Networking

b

