CompTIA Security+ Exam SY0-501 Common Vulnerabilities
A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:
• Buffer overflow
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
• DLL
Which of the terms listed below describes a type of attack that relies on executing a library of code?
• DLL injection
A predefined username/password on a brand new wireless router is an example of:
• Default configuration
Which of the terms listed below refers to software that no longer receives continuing support?
• EOL
After feeding an input form field with incorrect data, a hacker gets access to debugger info providing an extensive description of the error. This situation is an example of:
• Improper error handling
A situation in which a web form field accepts data other than what is expected (e.g. server commands) is an example of:
• Improper input validation
Which of the following violates the principle of least privilege?
• Improperly configured accounts
Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers)
• Inadequate vendor support
• Default configurations
• Improper input handling
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?
• Integer overflow
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:
• Memory leak
Which of the following terms describes an attempt to read a variable that stores a null value?
• Pointer dereference
A malfunction in preprogrammed sequential access to a shared resource is described as:
• Race condition
Which of the answers listed below describes the result of a successful DoS attack?
• Resource exhaustion
An effective asset management process provides countermeasures against: (Select all that apply)
• System sprawl
• Undocumented assets
• Architecture and design weaknesses
In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization.
• True
The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode, which makes the system more vulnerable to attacks.
• True
What is the best countermeasure against social engineering?
• User education
A zero-day attack exploits:
• Vulnerability that is present in already released software but unknown to the software developer
An e-commerce store app running on an unpatched web server is an example of:
• Vulnerable business process