Fundamentals Of Network Security Chapter 5

"Choose the SQL injection statement example below that could be used to find specific users: - whatever' OR full_name = '%Mia%' - whatever' OR full_name IS '%Mia%' - whatever' OR full_name LIKE '%Mia%' - whatever' OR full_name equals '%Mia%' "

"Where are MAC addresses stored for future reference? - MAC cache - Ethernet cache - ARP cache - NIC "

True or False: A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.

"Which type of attack below is similar to a passive man-in-the-middle attack? - replay - hijacking - denial - buffer overflow "

True or False: JavaScript cannot create separate stand-alone applications.

"What specific ways can a session token be transmitted? (Choose all that apply.) -In the URL. -In the trailer of a frame. -In the header of a packet. -In the header of the HTTP requisition. "

True or Fales: The return address is the only element that can be altered in a buffer overflow attack.

"An attack that takes advantage of the procedures for initiating a session is known as what type of attack? - DNS amplification attack - IP spoofing - smurf attack - SYN flood attack "

True or Fales: Securing web applications is easier than protecting other systems.

True or False: A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.

"What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? - DNS - ARP - TCP - UDP "

True or False: Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.

True or False: The malicious content of an XSS URL is confined to material posted on a website

"Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer? - IP spoofing - denial of service - DNS Poisoning - smurf attack "

"What type of privileges to access hardware and software resources are granted to users or devices? - access privileges - user rights - access rights - permissions "

True or False: A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

"What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks? - ARP poisoning - man-in-the-middle - denial of service - DNS poisoning "

"What type of web server application attacks introduce new input to exploit a vulnerability? - language attacks - cross-site request attacks - hijacking attacks - injection attacks "

"What type of attack is being performed when multiple computers overwhelm a system with fake requests? - DDoS - DoS - SYN flood - replay attacks "

"What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? - pointer hack - DNS spoofing - clickjacking - domain hijacking "

"Which SQL injection statement example below could be used to discover the name of the table? - whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); -- - whatever' AND 1=(SELECT COUNT(*) FROM tabname); -- - whatever; AND 1=(SELECT COUNT(*) FROM tabname); -- - whatever%; AND 1=(SELECT COUNT(*) FROM tabname); -- "

"How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? - DNS poisoning - Phishing - DNS marking - DNS overloading "

True or False: In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.

"What language below is used to view and manipulate data that is stored in a relational database? - C - DQL - SQL - ISL"

"What type of attack intercepts communication between parties to steal or manipulate the data? - replay - MAC spoofing - man-in-the-browser - ARP poisoning "

"What two locations can be a target for DNS poisoning? (Choose all that apply.) -local host table -external DNS server -local database table -directory server "

"If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain Web traffic to generate income, what type of attack are they using? - spoofing - URL hijacking - Web squatting - typo hijacking "

"What criteria must be met for an XXS attack to occur on a specific website? - The website must accept user input while validating it and use that input in a response. - The website must accept user input without validating it and use that input in a response. - The website must not accept user input without validating it and use that input in a response. - The website must accept user input while validating it and omit that input in a response. "

"Which of the following are considered to be interception attacks? (Choose all that apply.) -denial of service -amplification attack - man-in-the-middle - replay attacks "

"The exchange of information among DNS servers regarding configured zones is known as: - resource request - zone sharing - zone transfer - zone removal "

"An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: - Session replay - Session spoofing - Session hijacking - Session blocking "

"What type of additional attack does ARP spoofing rely on? - DNS Poisoning - replay - MITB - MAC spoofing "

"When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack? - MITM - spoofing - denial of service - blocking "

"Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? - whatever AND email IS NULL; -- - whatever; AND email IS NULL; -- - whatever"" AND email IS NULL; -- - whatever' AND email IS NULL; -- "

"When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: - HTTP - NSDB - URNS - DNS "

"What are the two types of cross-site attacks? (Choose all that apply.) - cross-site input attacks - cross-site scripting attacks - cross-site request forgery attacks - cross-site flood attacks"

"On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? - Privilege escalation - DNS cache poisoning - ARP poisoning - Man-in-the-middle "

"When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads, what type attack is being performed? - ad squatting - clickjacking - malvertising - ad spoofing "

True or False: XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.

"What technology expands the normal capabilities of a web browser for a specific webpage? - extensions - add-ons - plug-ins - Java applets "