ITN-260 Chapter 3

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: a. SML b. HTML c. DNS d. ​ARP

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? a. Phishing b. DNS marking c. DNS overloading d. DNS poisoning

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? a. whatever; AND email IS NULL; -- b. whatever" AND email IS NULL; -- c. whatever' AND email IS NULL; -- d. whatever AND email IS NULL; --

What language below is designed to display data, with a primary focus on how the data looks? a. SML b. HTML c. SGML d. XML

Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small. False True.

Which type of attack below is similar to a passive man-in-the-middle attack? a. hijacking b. denial c. replay d. buffer overflow

Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks. True False

What language below is used to view and manipulate data that is stored in a relational database? a. SML b. HTML c. SQL d. SGML

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? a. ​Man-in-the-middle b. ​Privilege escalation c. ​DNS cache poisoning d. ​ARP poisoning

Select below the string of characters that can be used to traverse up one directory level from the root directory: a. ./ b. %20/ c. ;/ d. xxs../

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? a. Phishing b. DNS marking c. DNS overloading d. DNS poisoning

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.​ True False

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted? a. SSL header b. HTTP header c. XML header d. HTML header

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below? a. C:wwwroot b. /var/www c. C:Inetpub wwwroot d. /var/html

Choose the SQL injection statement example below that could be used to find specific users: a. whatever' OR full_name = '%Mia%' b. whatever' OR full_name equals '%Mia%' c. whatever' OR full_name LIKE '%Mia%' d. whatever' OR full_name IS '%Mia%'

What language below is for the transport and storage of data, with the focus on what the data is? a. SML b. HTML c. SGML d. XML

Which SQL injection statement can be used to erase an entire database table? a. whatever'; DELETE TABLE members; -- b. whatever'; DROP TABLE members; -- c. whatever'; RENAME TABLE members; -- d. whatever'; UPDATE TABLE members; --

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? a. whatever; AND email IS NULL; -- b. whatever' AND email IS NULL; -- c. whatever" AND email IS NULL; -- d. whatever AND email IS NULL; --

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: a. Session blocking b. Session spoofing c. Session hijacking d. Session replay

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format? a. taps b. tags c. blocks d. marks