Set 5 (Quizzs)
On Windows Server 2012, by default the log files are stored at:
%SystemDrive%\inetpub\Logs\LogFiles
Which web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network?
Broken Access Control
Which web application threat refers to vulnerable management functions, including user updates, recovery of passwords, or resetting passwords?
Broken Account Management
. Which web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size?
Buffer Overflow
. What layer of web application architecture is responsible for the core functioning of the system and includes logic and applications, such as .NET, used by developers to build websites according to client requirements?
Business Layer
What is a common technique used to distribute malware on the web by injecting malware into legitimate looking websites to trick users into selecting them?
Click-jacking
What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs?
Client Layer
Which cloud environment is a multi-tenant infrastructure shared among organizations with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction?
Community Cloud
When a reputable website is infected with malware that secretly installs itself on a visitor's system and thereafter carries out malicious activities, it is an example of which common technique used by hackers to distribute malware?
Compromised Legitimate Websites
. Which is a threat to web applications?
Cookie Poisoning
Which web application threat refers to the modification of a website's remnant data for bypassing security measures or gaining unauthorized information?
Cookie Poisoning
Which web application threat occurs when an authenticated user is forced to perform certain tasks on the web application chosen by an attacker?
Cross-Site Request Forgery
Which web application threat occurs when attackers bypass the client's ID security mechanisms, gain access privileges, and inject malicious scripts into specific fields in web pages?
Cross-Site Scripting
What layer of web application architecture is composed of cloud services that hold all commercial transactions and a server that supplies an organization's production data in a structured form?
Database Layer
. Which of the following is a web analytics solution for small and medium size websites?
Deep log analyzer
Which web application threat is a method intended to terminate website or server operations by making resources unavailable to clients?
Denial-of-Service
Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory?
Directory Traversal
What file format is used by Windows Vista and later versions to store event logs as simple text files in XML format?
EVTX
What is not true of email crimes?
Email crime is not limited by the email organization.
What is not one of CAN-SPAM's main requirements for senders?
Honor recipients' opt-out request within 30 business days.
Which of the following stakeholders includes professionals—such as cloud security architects, network administrators, security administrators, and ethical hackers—responsible for managing and maintaining all aspects of the cloud?
IT Professionals
What cloud service enables subscribers to use fundamental IT resources, such as computing power, virtualization, data storage, network, etc., on demand?
IaaS
Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?
Improper Error Handling
Which of the following stakeholders are the first responders for all the security events or occurrences taking place on a cloud?
Incident Handlers
Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user?
Information Leakage
. Identify the following Cloud computing services that provide virtual machines, hardware, and operating systems which may be controlled through a service API.
Infrastructure-as-a-Service (IaaS)
Which web application threat occurs when attackers insert malicious code, commands, or scripts into the input gates of web applications, enabling the applications to interpret and run the newly supplied malicious input?
Injection Flaws
. Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information?
Insecure Storage
Which supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP?
Internet Information Server (IIS)
Which of the three different files storing data and logs in SQL servers holds the entire log information associated with the database?
LDF
Which of the following stakeholders are responsible to make sure all the forensic activities are within the jurisdiction and not violating any regulations or agreements?
Law Advisors
Which is not an indication of a web attack?
Logs found to have no known anomalies
Which of the three different files storing data and logs in SQL servers is the starting point of a database and points to other files in the database?
MDF
What type of forensics take action when a security incident has occurred and detection and analysis of the malicious activities performed by criminals over the SQL database file are required?
MSSQL forensics
Which of the three different files storing data and logs in SQL servers is optional?
NDF
What is the first step an investigator should take to carry out the on-site examination of an email server?
Obtain a search warrant application in the appropriate language.
What cloud service offers a platform for developing applications and services?
PaaS
Which web application threat occurs when attackers intend to manipulate the communication exchanged between the client and server to make changes in application data?
Parameter Tampering
What type of cloud testing should organizations perform regularly to monitor their security posture?
Pen testing
An e-mail client connects with a POP3 server via _________
Port 110
Which of the following is also known as an internal or corporate cloud and is a cloud infrastructure that a single organization operates?
Private Cloud
Which cloud environment allows the provider to make services—such as applications, servers, and data storage—available to the public over the internet?
Public Cloud
Which RFC defines normal email communication?
RFC 5322
Which is a violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act?
Retransmitting spam messages through a computer to mislead others about the origin of the message
Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data?
SQL Injection
What cloud service offers application software to subscribers on demand, over the internet, and the provider charges by a pay-per-use basis, subscription, advertising, or sharing among multiple users?
SaaS
On-demand _________ is a type of service rendered by cloud service providers that allow provisions for cloud resources such as computing power, storage, network, and so on, always on demand, without the need for human interaction with service providers.
Self-service
_______________ is an internet protocol that's designed for transmitting email over IP networks
Simple Mail Transfer Protocol (SMTP)
What is a common technique used to distribute malware on the web by mimicking legitimate institutions in an attempt to steal passwords, credit cards, and bank account data?
Spearphishing Sites
Why is it safe to conduct static analysis?
The investigator does not install or execute the suspect file
What is the primary information required for starting an email investigation?
The unique IP address
Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?
Unvalidated Input
For Forensic Analysis, which of the following MySQL Utility Programs is used to export metadata or data, or both from one or more databases?
mysqldbexport
____________ command line utility is used to take a backup of the database.
mysqldump
In Port Monitoring the following command is used to look for connections established to unknown or suspicious IP addresses.
netstat -an
____________ command is used to find if TCP and UDP ports have unusual listening.
netstat -na
What is a common technique used to distribute malware on the web with tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for malware pages?
• Blackhat SEO
On Windows 10 OS, by default the Google Drive Client is installed at _______________
• C:\Program Files (x86) \Google\Drive
What is a common technique used to distribute malware on the web when an attacker exploits flaws in browser software to install malware just merely by visiting a website?
• Drive-by Downloads
Which is a disadvantage of a private cloud?
• Expensive
What is a cloud environment composed of two or more clouds that remain unique entities but are bound together to offer the benefits of multiple deployment models?
• Hybrid Cloud
Which of the following stakeholders is responsible for conducting forensic examinations against allegations made regarding wrongdoings, found vulnerabilities, and attacks over the cloud?
• Investigators
What is a common technique used to distribute malware on the web by embedding malware-laden advertisements in authentic online advertising channels to spread onto systems of unsuspecting users?
• Malvertising
Where do email archives store received and sent emails?
• On the system hard drive
