CIS 278 - CH 5

Where are MAC addresses stored for future reference? A) MAC cache B) Ethernet cache C) ARP cache D) NIC

C) ARP cache

What language below is used to view and manipulate data that is stored in a relational database? A) C B) DQL C) SQL D) ISL

C) SQL

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: A) session replay B) session spoofing C) session hijacking D) session blocking

C) Session hijacking

What type of privileges to access hardware and software resources are granted to users or devices? A) access privileges B) user rights C) access rights D) permissions

C) access rights

When attackers promote themselves as reputable third-party advertisers to distribute their malware through web ads, what type of attack is being performed? A) ad squatting B) clickjacking C) malvertising D) ad spoofing

C) malvertising

What type of attack intercepts communication between parties to steal or manipulate the data? A) replay B) MAC spoofing C) man-in-the-browser D) ARP poisoning

C) man-in-the-middle

The exchange of information among DNS servers regarding configured zones is known as: A) resource request B) zone sharing C) zone transfer D) zone removal

C) zone transfer

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: A) HTTP B) NSDB C) URNS D) DNS

D) DNS

What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? A) Pointer hack B) DNS spoofing C) Clickjacking D) Domain hijacking

D) Domain Hijacking

What type of additional attack does ARP spoofing rely on? A) DNS poisoning B) replay C) MITB D) MAC spoofing

D) MAC spoofing

What type of web server application attacks introduce new input to exploit a vulnerability? A) Language attacks B) cross-site request attacks C) hijacking attacks D) Injection attacks

D) injection attacks

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? A) whatever AND email IS NULL; -- B) whatever; AND email IS NULL; -- C) whatever" AND email IS NULL; -- D) whatever' AND email IS NULL; --

D) whatever' AND email IS NULL; --

XSS is like a phishing attack but without needing to trick the user into visiting a malicious website. True or False

True

A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed storage buffer. True or False

True

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? A) DNS poisoning B) Phishing C) DNS marking D) DNS overloading

A) DNS poisoning

Which SQL statement example below could be used to discover the name of the table? A) whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); -- B) whatever' AND 1=(SELECT COUNT(*) FROM tabname); -- C) whatever' AND 1=(SELECT COUNT(*) FROMtabname); -- D) whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

(don't know)

What type of attack is being executed if an attacker substitutes an invalid MAC address for the network gateway so no users can access external networks? A) ARP poisoning B) man-in-the-middle C) denial of service D) DNS poisoning

A) ARP poisoning

What type of attack is being performed when multiple computers overwhelm a system with fake requests? A) DDoS B) DoS C) SYN flood D) replay attacks

A) DDoS

What specific ways can a session token be transmitted? (choose all that apply) A) In the URL B) In the trailer of frame C) In the header of a packet D) In the header of the HTTP requisition

A) In the URL D) In the header of the HTTP requisition

What two locations can be a target for DNS poisoning? (choose all that apply) A) Local host table B) external DNS server C) local database table D) directory server

A) Local host table B) external DNS server

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? A) Privilege escalation B) DNS cache poisoning C) ARP poisoning D) Man-in-the-middle

A) Privilege escalation

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? A) DNS B) ARP C) TCP D) UDP

B) ARP

If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known website in order for the attacker to gain web traffic to generate income, what type of attack are they using? A) Spoofing B) URL hijacking C) Web squatting D) Typo hijacking

B) URL hijacking

What technology expands the normal capabilities of a web browser for a specific web page? A) extensions B) add-ons C) plug-ins D) Java applets

B) add-ons

A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer. True or False

False

Securing web applications is easier than protecting other systems. True or False

False

The malicious content of an XSS URL is confined to material posted on a website. True or False

False

The return address is the only element that can be altered in a buffer overflow attack. True or False

False

In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow. True or False

True

JavaScript cannot create separate stand-alone applications. True or False

True
