System Security Management Ch. 6
Which of the following statements is not true? A. Cookie manipulation is possible when vulnerable applications store user input and then embed that input into a response within a part of the DOM. B. An attacker can take advantage of stored DOM-based vulnerabilities to create a URL to set an arbitrary value in a user's cookie. C. The impact of a stored DOM-based vulnerability depends on the role that the cookie plays within the application. D. A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.
A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.
You can find XSS vulnerabilities in which of the following? A. HTTP headers B. Input fields that echo user data C. All of these D. Search fields that echo a search string back to the user
All of these
Which of the following occurs when a user who is authenticated by an application through a cookie saved in the browser unwittingly sends an HTTP request to a site that trusts the user, subsequently triggering an unwanted action? A. CSRF B. Fuzzing C. Reflected XSS D. Session fixation
CSRF
Which of the following vulnerabilities can be exploited with the parameters used in the following URL? http://h4cker.org/resource/?password_new=newpasswd&password_conf=newpasswd&Change=Change# A. SQL injection B. Session manipulation C. CSRF or XSRF D. Reflected XSS
CSRF or XSRF
Which of the following is not an example of a vulnerable application that you can use to practice your penetration testing skills? A. DVWA B. Cyber range C. Hackazon D. WebGoat
Cyber range
What type of vulnerability or attack is demonstrated in the following URL? https://store.h4cker.org/buyme/?page=../../../../../etc/passwd A. Stored XSS B. DOM-based XSS C. SQL injection D. Directory (path) traversal
Directory (path) traversal
Which of the following is a black-box testing technique that consists of sending malformed/semi-malformed data injection in an automated fashion? A. Bursting B. Man-in-the-middle C. Fuzzing D. Brute forcing
Fuzzing
What type of vulnerabilities can be triggered by using the parameters in the following URL? https://store.h4cker.org/?search=cars&results=20&search=bikes A. SQL injection B. HTTP parameter pollution (HPP) C. Command injection D. XSS
HTTP parameter pollution (HPP)
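The danger with the repeated `search` parameter above is that different components read different copies: one layer validates the first value while the backend acts on the last. The following added example (not from the original page) shows what a parser reports for the quiz URL and a strict helper, parseStrict, that refuses any repeated name; both function names are constructed.

```javascript
// Added example: observing duplicate query parameters and rejecting them.
const pollutedUrl = 'https://store.h4cker.org/?search=cars&results=20&search=bikes';

// What different "first wins" / "last wins" backends would see for the same request.
function describeParams(u) {
  const params = new URL(u).searchParams;
  const all = params.getAll('search');
  return {
    first: params.get('search'),   // get() returns the first occurrence
    all,                            // every occurrence, in order
    last: all[all.length - 1],      // a last-wins backend such as PHP's $_GET
  };
}

// Strict parsing: exactly one value per name, otherwise the request is
// rejected (null) instead of silently picking one of the copies.
function parseStrict(u) {
  const params = new URL(u).searchParams;
  const out = {};
  for (const [k, v] of params) {
    if (Object.prototype.hasOwnProperty.call(out, k)) return null;
    out[k] = v;
  }
  return out;
}
```

Known divergences worth remembering when testing: PHP keeps the last value, Express (Node) turns duplicates into an array, and classic ASP.NET joins them with commas, so a filter and an application written on different stacks can disagree about what `search` means.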
Which of the following is true about DOM-based XSS? A. None of these B. In DOM-based XSS, the payload is never sent to the client. Instead, the payload is only processed by the web server. C. In DOM-based XSS, the payload can be sent to the server or the client. D. In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser).
In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser).
What type of vulnerabilities can be triggered by using the parameters in the following URL? http://web.h4cker.org/changepassd?user=chris A. Indirect Object Reference B. XSS C. SQL injection D. Insecure Direct Object Reference
Insecure Direct Object Reference
What type of security malpractice is shown in the following example? <input type="hidden" id="123" name="price" value="100.00"> A. Insecure hidden form elements B. Weak ID C. Weak form values D. Invalid HTML signing
Insecure hidden form elements
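The two preceding questions share one root cause: the server trusts a client-supplied value (the `user` parameter, the hidden `price` field) to decide something it should decide itself. The added example below, not from the original page, shows two handlers that take the authoritative value from the session or the catalog and treat the request field only as a hint to be authorized. The handler names, the catalog, the password map and the request objects are all constructed.

```javascript
// Added example: server-side source of truth for identity and price.
const CATALOG = { 'sku-42': { name: 'Widget', price: 100.0 } };            // constructed
const passwords = new Map([['chris', 'old-pw'], ['alice', 'old-pw']]);       // constructed

// Password change. The target defaults to the session's own user; a different
// ?user= is honoured only when the session carries the admin role, which is
// the authorization check an IDOR finding means is missing.
function changePassword(session, query, body) {
  if (!session || !session.user) return { status: 401 };
  let target = session.user;
  if (query.user && query.user !== session.user) {
    if (session.role !== 'admin') return { status: 403 };
    target = query.user;
  }
  if (!passwords.has(target)) return { status: 404 };
  if (!body.password_new || body.password_new !== body.password_conf) return { status: 400 };
  passwords.set(target, body.password_new);
  return { status: 200, changed: target };
}

// Checkout. Any submitted price field is ignored; only the SKU is looked up,
// and the quantity is range-checked so negative values cannot produce credit.
function checkoutTotal(body) {
  const item = CATALOG[body.sku];
  if (!item) return { status: 404 };
  const qty = Number.parseInt(body.qty, 10);
  if (!Number.isInteger(qty) || qty < 1 || qty > 100) return { status: 400 };
  return { status: 200, total: item.price * qty };
}

function demo() {
  return {
    idorAttempt: changePassword({ user: 'chris' }, { user: 'alice' },
      { password_new: 'n1', password_conf: 'n1' }).status,
    tamperedPrice: checkoutTotal({ sku: 'sku-42', qty: '2', price: '0.01' }).total,
  };
}
```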
Which of the following is a hashing algorithm that should be avoided? A. DES B. RC4 C. MD5 D. RSA-1024
MD5
Which of the following is not an example of an HTTP method? A. DELETE B. TRACE C. REST D. PUT
REST
Which of the following is a type of attack that takes place when a system or an application attempts to perform two or more operations at the same time? A. Race condition B. Reflected XSS C. Clickjacking D. Session hijacking
Race condition
Local file inclusion (LFI) vulnerabilities occur when a web application allows a user to submit input into files or upload files to the server. Successful exploitation could allow an attacker to perform which of the following operations? A. Invoke PowerShell scripts to perform lateral movement B. Execute code hosted in a system controlled by the attacker C. Read and (in some cases) execute files on the victim's system D. Inject shell code on an embedded system
Read and (in some cases) execute files on the victim's system
Which of the following is true about reflected XSS? A. In reflected XSS, the payload is never sent to the server; this is similar to a blind SQL injection. B. Reflected XSS attacks can be found by fuzzing a database. C. Reflected XSS attacks are not persistent. D. Reflected XSS attacks are persistent.
Reflected XSS attacks are not persistent.
What type of vulnerability or attack is demonstrated in the following URL? http://web.h4cker.org/?page=http://malicious.h4cker.org/malware.js A. Reflected XSS B. Local file inclusion C. Remote file inclusion D. SQL injection
Remote file inclusion
Which of the following is a mitigation technique for preventing clickjacking attacks? A. Setting the CSP frame-ancestors directive (or the older X-Frame-Options header) B. Converting " to &quot; C. Converting ' to &#x27; D. Converting < to &lt;
Setting the CSP frame-ancestors directive (or the older X-Frame-Options header)
Consider the following string: Ben' or '1'='1. Which type of attack does it represent? A. XSRF B. XSS C. SQL injection D. CSRF
SQL injection
Which of the following is a modern framework of API documentation and development and the basis of the OpenAPI Specification (OAS), which can be very useful for pen testers to get insights into an API? A. Swagger B. GraphQL C. SOAP D. WSDL
Swagger
Which of the following is not true? A. The session ID is a name/value pair. B. None of these C. Once an authenticated session has been established, the session ID (or token) is temporarily equivalent to the strongest authentication method used by the application, such as usernames and passwords, one-time passwords, and client-based digital certificates. D. The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.
The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.
Software developers should escape all characters (including spaces but excluding alphanumeric characters) with the HTML entity &#xHH; format to prevent what type of attack? A. DDoS attacks B. Brute-force attacks C. XSS attacks D. CSRF attacks
XSS attacks
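The rule in the question is the OWASP one for the HTML body context: pass only ASCII letters and digits through and turn every other character, spaces included, into a hex numeric character reference. The code below is an added example and not from the original page; escapeHtmlHex and renderSearchResult are constructed names, and the payload is the reflected search string scenario from the earlier questions.

```javascript
// Added example: escape everything non-alphanumeric as &#xHH; before placing
// untrusted data in an HTML body.
function escapeHtmlHex(input) {
  let out = '';
  for (const ch of String(input)) {           // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    const alnum = (cp >= 0x30 && cp <= 0x39) || (cp >= 0x41 && cp <= 0x5a) ||
                  (cp >= 0x61 && cp <= 0x7a);
    // Characters above U+00FF get more than two hex digits; the browser
    // accepts any length of numeric reference, so "HH" is just the notation.
    out += alnum ? ch : '&#x' + cp.toString(16).toUpperCase() + ';';
  }
  return out;
}

// Constructed payload a reflected search field might echo back.
const payload = '<script>alert(1)</script>';

function renderSearchResult(term) {
  return '<p>Results for ' + escapeHtmlHex(term) + '</p>';
}
```

This encoder is only correct for the HTML body and quoted attribute contexts. Data placed inside a script block, a URL, or a CSS value needs the encoder for that context, and the DOM-based case from the earlier question is avoided by writing with `textContent` rather than `innerHTML`.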