System Security Management Ch. 6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following statements is not true? A. Cookie manipulation is possible when vulnerable applications store user input and then embed that input into a response within a part of the DOM. B. An attacker can take advantage of stored DOM-based vulnerabilities to create a URL to set an arbitrary value in a user's cookie. C. The impact of a stored DOM-based vulnerability depends on the role that the cookie plays within the application. D. A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.

A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.

You can find XSS vulnerabilities in which of the following? A. HTTP headers B. Input fields that echo user data C. All of these D. Search fields that echo a search string back to the user

All of these

Which of the following occurs when a user who is authenticated by an application through a cookie saved in the browser unwittingly sends an HTTP request to a site that trusts the user, subsequently triggering an unwanted action? A. CSRF B. Fuzzing C. Reflected XSS D. Session fixation

CSRF

Which of the following vulnerabilities can be exploited with the parameters used in the following URL? http://h4cker.org/resource/?password_new=newpasswd&password_conf=newpasswd &Change=Change# A. SQL injection B. Session manipulation C. CSRF or XSRF D. Reflected XSS

CSRF or XSRF

Which of the following is not an example of a vulnerable application that you can use to practice your penetration testing skills? A. DVWA B. Cyber range C. Hackazon D. WebGoat

Cyber range

What type of vulnerability or attack is demonstrated in the following URL? https://store.h4cker.org/buyme/?page=../../../../../etc/passwd A. Stored XSS B. DOM-based XSS C. SQL injection D. Directory (path) traversal

Directory (path) traversal

Which of the following is a black-box testing technique that consists of sending malformed/semi-malformed data injection in an automated fashion? A. Bursting B. Man-in-the-middle C. Fuzzing D. Brute forcing

Fuzzing

What type of vulnerabilities can be triggered by using the parameters in the following URL? https://store.h4cker.org/?search=cars&results=20&search=bikes A. SQL injection B. HTTP parameter pollution (HPP) C. Command injection D. XSS

HTTP parameter pollution (HPP)

Which of the following is true about DOM-based XSS? A. None of these B. In DOM-based XSS, the payload is never sent to the client. Instead, the payload is only processed by the web server. C. In DOM-based XSS, the payload can be sent to the server or the client. D. In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser).

In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser).

What type of vulnerabilities can be triggered by using the parameters in the following URL? http://web.h4cker.org/changepassd?user=chris A. Indirect Object Reference B. XSS C. SQL injection D. Insecure Direct Object Reference

Insecure Direct Object Reference

What type of security malpractice is shown in the following example? <input type="hidden" id="123" name="price" value="100.00"> A. Insecure hidden form elements B. Weak ID C. Weak form values D. Invalid HTML signing

Insecure hidden form elements

Which of the following is a hashing algorithm that should be avoided? A. DES B. RC4 C. MD5 D. RSA-1024

MD5

Which of the following is not an example of an HTTP method? A. DELETE B. TRACE C. REST D. PUT

REST

Which of the following is a type of attack that takes place when a system or an application attempts to perform two or more operations at the same time? A. Race condition B. Reflected XSS C. Clickjacking D. Session hijacking

Race condition

Local file inclusion (LFI) vulnerabilities occur when a web application allows a user to submit input into files or upload files to the server. Successful exploitation could allow an attacker to perform which of the following operations? A. Invoke PowerShell scripts to perform lateral movement B. Execute code hosted in a system controlled by the attacker C. Read and (in some cases) execute files on the victim's system D. Inject shell code on an embedded system

Read and (in some cases) execute files on the victim's system

Which of the following is true about reflected XSS? A. In reflected XSS, the payload is never sent to the server; this is similar to a blind SQL injection. B. Reflected XSS attacks can be found by fuzzing a database. C. Reflected XSS attacks are not persistent. D. Reflected XSS attacks are persistent.

Reflected XSS attacks are not persistent.

What type of vulnerability or attack is demonstrated in the following URL? http://web.h4cker.org/?page=http://malicious.h4cker.org/malware.js A. Reflected XSS B. Local file inclusion C. Remote file inclusion D. SQL injection

Remote file inclusion

Which of the following is a mitigation technique for preventing clickjacking attacks? A. Replacing an older X-Frame-Options or CSP frame ancestors B. Converting "e; to &quot; C. Converting to &#x27; D. Converting < to &lt;

Replacing an older X-Frame-Options or CSP frame ancestors

Consider the following string: Ben' or '1'='1 A. XSRF B. XSS C. SQL injection D. CSRF

SQL injection

Which of the following is a modern framework of API documentation and development and the basis of the OpenAPI Specification (OAS), which can be very useful for pen testers to get insights into an API? A. Swagger B. GraphQL C. SOAP D. WSDL

Swagger

Which of the following is not true? A. The session ID is a name/value pair. B. None of these C. Once an authenticated session has been established, the session ID (or token) is temporarily equivalent to the strongest authentication method used by the application, such as usernames and passwords, one-time passwords, and client-based digital certificates. D. The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.

The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.

Software developers should escape all characters (including spaces but excluding alphanumeric characters) with the HTML entity &#xHH; format to prevent what type of attack? A. DDoS attacks B. Brute-force attacks C. XSS attacks D. CSRF attacks

XSS attacks


Ensembles d'études connexes

16 (PRLINV) Public Sources of Information

View Set

Elementary Physics 1310 Exam 3 Xiao

View Set

Chapter 3 (Part 1) | Mid-Term 1301

View Set