Intro to Network Security sixth ed chapter 5

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

C. makes a copy of the transmission for use at a later time

A replay attack _____. A. can be prevented by patching the web browser B. is considered to be a type of DoS attack C. makes a copy of the transmission for use at a later time D. replays the attack over and over to flood the server

Replay

An ________________ attack is a variation of MITM attack whereas this attack makes a copy of the legitimate transmission before sending it to the recipient.

Session Hijacking

An attack in which an attacker attempts to impersonate the user by using the user's session token.

Denial of Service (DoS)

An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with "bogus" requests.

ARP Poisoning

An attack that corrupts the ARP cache

Privilege Escalation

An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.

Cross-Site Scripting (XSS)

An attack that injects scripts into a web application server to direct attacks at clients.

Man-in-the-Middle (MITM)

An attack that intercepts legitimate communication and forges a fictitious response to the sender between two computers.

Injection Attack

An attack that introduces new input to exploit a vulnerability.

Domain Hijacking

An attack that occurs when a domain pointer that links a domain name to a specific web server is changed.

Buffer Overflow Attack

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Integer Overflow Attack

An attack that occurs when an attacker changes the value of a variable to by using an integer overflow.

DNS Poisoning

An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Distributed Denial of Service (DDoS)

An attack that uses many computers to perform a DoS attack.

DNS Amplification Attack

An attack that uses publicly accessible and open DNS servers to flood a system with DNS response traffic.

Cross-Site Request Forgery (XSRF)

An attack that uses the user's web browser settings to impersonate that user.

A. integer overflow

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? A. integer overflow B. buffer overflow C. number overflow D. heap overflow

D. URL hijacking

Attackers who register domain names that are similar to legitimate domain names are performing _____. A. Address resolution B. HTTP manipulation C. HTML squatting D. URL hijacking

C. substitutes DNS addresses so that the computer is automatically redirected to another device

DNS poisoning _____. A. floods a DNS server with requests until it can no longer respond B. is rarely found today due to the use of host tables C. substitutes DNS addresses so that the computer is automatically redirected to another device D. is the same as ARP poisoning

Url Hijacking or Typo Squatting

Fake sites that are spelled similarly to actual sites.

IP Spoofing

Imitating another computer by means of changing the IP address.

MAC Spoofing

Imitating another computer by means of changing the MAC address.

Man-in-the-Browser (MITB)

Intercepts communication between parties to steal or manipulate the data between a web browser and and the security mechanisms of a computer.

B. XSS

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? A. SQL B. XSS C. XSRF D. DDoS DNS

Domain Name Resolution

Mapping computer and device names to IP addresses.

A. Privilege escalation

Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? A. Privilege escalation B. Session replay C. Scaling exploit D. Amplification

D. Host table and external DNS server

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? A. Web server buffer and host DNS server B. Reply referrer and domain buffer C. Web browser and browser add-on D. Host table and external DNS server

Address Resolution Protocol (ARP)

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

B. a random string assigned by a web server

What is a session token? A. XML code used in an XML injection attack B. a random string assigned by a web server C. another name for a third-party cookie D. a unique identifier that includes the user's email address

C. to insert SQL statements through unfiltered user input

What is the basis of an SQL injection attack? A. to expose SQL code so that it can be examined B. to have the SQL server attack client web browsers C. to insert SQL statements through unfiltered user input D. to link SQL servers into a botnet

B. DoS attacks use fewer computers than DDoS attacks

What is the difference between a DoS and a DDoS attack? A. DoS attacks are faster than DDoS attacks B. DoS attacks use fewer computers than DDoS attacks C. DoS attacks do not use DNS servers as DDoS attacks do D. DoS attacks user more memory than a DDoS attack

A. privilege escalation

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? A. privilege escalation B. cross-site attack C. horizontal access attack D. transverse attack

C. MITM

What type of attack intercepts legitimate communication and forges a fictitious response to the sender? A. SIDS B. interceptor C. MITM D. SQL intrusion

B. Malvertising

What type of attack involves manipulating third-party ad networks? A. Session advertising B. Malvertising C. Clickjacking D. Directory traversal

Clickjacking

When the user is tricked into clicking a link that is other than what is appears to be.

B. reformat the web application server's hard drive

Which action cannot be performed through a successful SQL injection attack? A. discover the names of different fields in a table B. reformat the web application server's hard drive C. display a list of customer telephone numbers D. erase a database table

B. man-in-the-browser (MITB)

Which attack intercepts communications between a web browser and the underlying computer? A. man-in-the-middle (MITM) B. man-in-the-browser (MITB) C. replay D. ARP poisoning

B. XSRF

Which attack uses the user's web browser settings to impersonate that user? A. XDD B. XSRF C. Domain hijacking D. Session hijacking

C. Plug-ins

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? A. Extensions B. Scripts C. Plug-ins D. Add-ons

D. push flood

Which of these is not a DoS attack? A. SYN flood B. DNS amplification C. smurf attack D. push flood

D. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks? A. The complex nature of TCP/IP allows for too many ping sweeps to be blocked. B. Web application attacks use web browsers that cannot be controlled on a local computer. C. Network security devices cannot prevent attacks from web resources. D. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

B. They have introduced vulnerabilities in browsers.

Why are extensions, plug-ins, and add-ons considered to be security risks? A. They are written in Java, which is a weak language. B. They have introduced vulnerabilities in browsers. C. They use bitcode. D. They cannot be uninstalled.


संबंधित स्टडी सेट्स

Math for Elementary Teachers 1 WGU

View Set

27 - Abdominal Pain, 28 - Jaundice, 29 - Nausea and Vomiting, 30 - Gastrointestinal Bleeding, 89 - Esophagus, Stomach, Duodenum, 91 - Disorders of the Pancreas, 92 - Disorders of the Small Intestine, 93 - Acute Appendicitis, 94 - Gastroenteritis, 95...

View Set

HASPI Medical Anatomy & Physio 16a

View Set