You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
answer
client-side scripts
question
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
answer
Buffer overflow
question
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
answer
XSS
question
When you browse to a website, a pop-up tells you that your computers has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
answer
Drive-by download
question
Which of the following are subject to SQL injection attacks?
answer
database servers
question
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
answer
SQL injection
question
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
answer
Buffer Overflow
question
Which type of attack is the act of exploiting a software program's fee acceptance of input in order to execute arbitrary code on a target?
answer
buffer overflow
question
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisments for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
answer
Pop-up blocker
question
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?
answer
Integer overflow
question
While using a web-based game created using Adobe Flash, a flash cookie is set on a user's computer. The game saves legitament data in the flash cookies such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the flash cookie. The data is transferred to a server over an internet connection without the user's permission. What type of exploit has occurred in this scenario?
answer
Locally shared object exploit
question
Recently a web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names:
www.videoshare.com
www.vidshar.com
www.vidsshare.com
Each of these URLs points to a phishing web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?
answer
typosquatting
question
watering hole attack
answer
An attacker compromises a web site, hoping that a target individual will access the site and be explosed to the exploit
question
Arbitrary code execution exploit
answer
A vulnerability in a running process allows an attacker to inject malicious instructions and run them
question
LSO exploit
answer
A flash cookie is used to collect information about the user's browsing habits without their permission
question
Zero-day attack
answer
An attacker exploits computer application vulnerabilities before the are known and patched by the application's developer
question
An attacker inserts SQL database commands into a data input field of an order form used by a WbBased application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit?
answer
Implementing client-side validation
question
While using a web based order form, an attacker enters an unusally large value in the quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practieces would have prevented this exploit?
answer
-Implementing client side validation
-Implementing server side validation
Haven't found what you need?
Search for quizzes and test answers now
Quizzes.studymoose.com uses cookies. By continuing you agree to our cookie policy
