Cybersecurity - 8 & 9

What type of attack is typically associated with the STRCPY function?

Buffer overflow

During an incident response process, Michelle discovers that the administrative credentials... What is this type of ticket called?

A golden ticket

Gabby connects to a Linux web server and executes an attack that gives her access to the account that the Apache web server runs as. If her next attack is aimed at a script that runs with root privileges, what type of attack has she attempted?

A privilege escalation attack

The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have?

A race condition

Gabby wants to insert data into the response from her browser to a web application. What type of tool should she use if she wants to easily make manual changes in what her browser sends out as she interacts with the website?

An interception proxy

Susan wants to manage access based on the job titles of members of her organization's staff. What kind of access control is best suited to this requirement?

Attribute-based access control

Authentication that uses the IP address, geographical location, and time of day to help validate the user is known as what type of authentication?

Context-based

Every time Susan checks code into her organization's code repository it is tested, validated, then if accepted it is immediately put into production. What is the term for this?

Continuous delivery

Which party in a federated identity service model makes assertions about identities to service providers?

IDPs

What type of attack occurs when an attacker takes advantage of OAuth open redirects to take on the identity of a legitimate user?

Impersonation

Which of the following is not a common attack against Kerberos?

Open redirect-based attacks

Using TLS to protect application traffic helps satisfy which of the OWASP best practices?

Protect data

Gabby is designing a multifactor authentication system for her company... How many distinct factors will she have implemented when she is done?

Two

Kristen wants to implement a code review but has a distributed team that works at various times during the day... What type of review process will work best for her needs?

Over-the-shoulder

Kathleen wants to build a public API for a modern service-oriented architecture. What model is likely her best choice?

REST

Which of the following technologies is NTLM associated with?

Active Directory

Which of the following technologies is not a shared authentication technology?

LDAP

Which of the following methods is not an effective method for preventing brute-force password guessing attacks via login portals?

Returning an HTTP error

During a Fagan code inspection, which process can redirect to the planning stage?

Rework

Angela is concerned about attackers enumerating her organization's LDAP directory. What LDAP control should she recommend to help limit the impact of this type of data gathering?

ACLs

Matt wants to prevent attackers from capturing data by directly connecting to the hardware communications components of a device he is building. What should he use to make sure that communications between the processor and other chips are not vulnerable?

Bus encryption

What type of testing focuses on inserting problems into the error handling processes and paths in an application?

Fault injection

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?

Improper error handling

What process is used to ensure that an application can handle very high numbers of concurrent users or sessions?

Load testing

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?

Parameterized queries

The 2013 Yahoo breach resulted in almost 1 billion MD5 hashed passwords being exposed. What user behavior creates the most danger when this type of breach occurs?

Password reuse

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?

Performing user input validation

Michelle has a security token that her company issues her. What type of authentication factor does she have?

Possession

Jim was originally hired into the helpdesk at his current employer but has since then moved into finance... What is this issue called?

Privilege creep

Jason has user rights on his Linux workstation, but he wants to read his department's financial reports, ... What type of attack is this?

Privilege escalation

After a major patch is released for the web application that he is responsible for, Sam proceeds to run his web application security scanner against the web application to verify that it is still secure. What is the term for the process Sam is conducting?

Regression testing

What security design is best suited to protect authentication and authorization for a network that uses TACACS+?

Route management traffic over a dedicated network

Which of the following is not a reason to avoid using SMS as a second factor for authentication?

SMS cannot send unique tokens

Ben's successful attack on an authenticated user required him to duplicate the cookies that the web application put in place to identify the legitimate user. What type of attack did Ben conduct?

Session hijacking

Susan's team has been writing code for a major project for a year and recently released their third version of the code... What type of tool should Susan implement to help avoid this issue in the future?

Source control management

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?

Static code analysis

Chris is responsible for monitoring his organization's file shares and security and has discovered that employees are consistently retaining access to files after they change positions. Where should he focus his efforts if his organization's account life cycle matches the following?

Step 3

During testing, Tiffany slowly increases the number of connections to an application until it fails. What is she doing?

Stress testing

What term describes a chip that is built into a computer that stores encryption keys specific to the system that is used for hardware authentication?

TPM

What process checks to ensure that functionality meets customer needs?

UAT

