Question 1

How does a cross-site scripting (XSS) attack work?

Accepted Answer

A cross site scripting attack ...

Question 2

Because of the minor role it plays, DNS is never the focus of attacks.

Accepted Answer

A) True 
 B)False  False

Question 3

Match the following terms to the appropriate definitions.
-An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

Accepted Answer

A)  Address Resolution Protocol (ARP) 
B)  ARP Poisoning
C)  Buffer overflow attack
D)  Command injection
E)  Cross-site scripting (XSS) F) DNS poisoningG) Flash cookieH) Ping floodI)  Session token	J)  Smurf attack

Question 4

List three of the most common Web application attacks.

Accepted Answer

The most common Web applicatio...

Question 5

To what specific directory are users generally restricted to on a web server?

Accepted Answer

A)  top
B)  base
C)  root
D)  tap

Question 6

How does a SYN flood attack work?​

Accepted Answer

A SYN flood attack involves an attacker ...

Question 7

Match the following terms to the appropriate definitions.
-​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Accepted Answer

A)  Address Resolution Protocol (ARP) 
B)  ARP Poisoning
C)  Buffer overflow attack
D)  Command injection
E)  Cross-site scripting (XSS) F) DNS poisoningG) Flash cookieH) Ping floodI)  Session token	J)  Smurf attack

Question 8

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

Accepted Answer

A) True 
 B)False  False

Question 9

Which SQL injection statement can be used to erase an entire database table?

Accepted Answer

A)  whatever'; DROP TABLE members; --
B)  whatever'; DELETE TABLE members; --
C)  whatever'; UPDATE TABLE members; --
D)  whatever'; RENAME TABLE members; --

Question 10

What language below is designed to display data, with a primary focus on how the data looks?

Accepted Answer

A)  XML
B)  HTML
C)  SGML
D)  ISL

Question 11

Match the following terms to the appropriate definitions.
-​An attack that injects scripts into a web application server to direct attacks at clients.

Accepted Answer

A)  Address Resolution Protocol (ARP) 
B)  ARP Poisoning
C)  Buffer overflow attack
D)  Command injection
E)  Cross-site scripting (XSS) F) DNS poisoningG) Flash cookieH) Ping floodI)  Session token	J)  Smurf attack

Question 12

HTML uses which option below within embedded brackets ()  causing a web browser to display text in a specific format?

Accepted Answer

A)  ​blocks
B)  ​marks
C)  ​taps
D)  ​tags D

Question 13

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.​

Accepted Answer

An attacker might make use of ...

Question 14

Attacks that take place against web based services are considered to be what type of attack?

Accepted Answer

A)  client-side
B)  hybrid
C)  server-side
D)  relationship

Question 15

What is the goal of a directory traversal attack?​

Accepted Answer

A directory traversal attack is used to ...

Question 16

Describe the two types of privilege escalation.

Accepted Answer

Vertical privilege escalation is when a ...

Question 17

Choose the SQL injection statement example below that could be used to find specific users:

Accepted Answer

A)  whatever' OR full_name = '%Mia%'
B)  whatever' OR full_name IS '%Mia%'
C)  whatever' OR full_name LIKE '%Mia%'
D)  whatever' OR full_name equals '%Mia%'

Question 18

A web browser makes a request for a web page using the ________________.

Accepted Answer

Hypertext ...

Question 19

Match the following terms to the appropriate definitions.
-​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

A)  Address Resolution Protocol (ARP) 
B)  ARP Poisoning
C)  Buffer overflow attack
D)  Command injection
E)  Cross-site scripting (XSS) F) DNS poisoningG) Flash cookieH) Ping floodI)  Session token	J)  Smurf attack

Question 20

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

Accepted Answer

A)  ​Privilege escalation
B)  ​DNS cache poisoning
C)  ​ARP poisoning
D)  ​Man-in-the-middle

Exam 3: Application and Networking-Based Attacks

How does a cross-site scripting (XSS) attack work?

Correct AnswerverifiedA cross site scripting attack ...View AnswerShow Answer

Because of the minor role it plays, DNS is never the focus of attacks.

Correct AnswerverifiedFalse

Match the following terms to the appropriate definitions. -An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

Correct AnswerverifiedShow Answer

List three of the most common Web application attacks.

Correct AnswerverifiedThe most common Web applicatio...View AnswerShow Answer

To what specific directory are users generally restricted to on a web server?

Correct AnswerverifiedShow Answer

How does a SYN flood attack work?​

Correct AnswerverifiedA SYN flood attack involves an attacker ...View AnswerShow Answer

Match the following terms to the appropriate definitions. -​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Correct AnswerverifiedShow Answer

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

Correct AnswerverifiedFalse

Which SQL injection statement can be used to erase an entire database table?

Correct AnswerverifiedShow Answer

What language below is designed to display data, with a primary focus on how the data looks?

Correct AnswerverifiedShow Answer

Match the following terms to the appropriate definitions. -​An attack that injects scripts into a web application server to direct attacks at clients.

Correct AnswerverifiedShow Answer

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

Correct AnswerverifiedD

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.​

Correct AnswerverifiedAn attacker might make use of ...View AnswerShow Answer

Attacks that take place against web based services are considered to be what type of attack?

Correct AnswerverifiedShow Answer

What is the goal of a directory traversal attack?​

Correct AnswerverifiedA directory traversal attack is used to ...View AnswerShow Answer

Describe the two types of privilege escalation.

Correct AnswerverifiedVertical privilege escalation is when a ...View AnswerShow Answer

Choose the SQL injection statement example below that could be used to find specific users:

Correct AnswerverifiedShow Answer

A web browser makes a request for a web page using the ________________.

Correct AnswerverifiedHypertext ...View AnswerShow Answer

Match the following terms to the appropriate definitions. -​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Correct AnswerverifiedShow Answer

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

Correct AnswerverifiedShow Answer

Correct Answer
verified
A cross site scripting attack ...
View Answer

Correct Answer
verified
False

Match the following terms to the appropriate definitions. -An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Correct Answer
verified

Correct Answer
verified
The most common Web applicatio...
View Answer

Correct Answer
verified

How does a SYN flood attack work?

Correct Answer
verified
A SYN flood attack involves an attacker ...
View Answer

Match the following terms to the appropriate definitions. -An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Correct Answer
verified

Correct Answer
verified
False

Correct Answer
verified

Correct Answer
verified

Match the following terms to the appropriate definitions. -An attack that injects scripts into a web application server to direct attacks at clients.

Correct Answer
verified

Correct Answer
verified
D

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.

Correct Answer
verified
An attacker might make use of ...
View Answer

Correct Answer
verified

What is the goal of a directory traversal attack?

Correct Answer
verified
A directory traversal attack is used to ...
View Answer

Correct Answer
verified
Vertical privilege escalation is when a ...
View Answer

Correct Answer
verified

Correct Answer
verified
Hypertext ...
View Answer

Match the following terms to the appropriate definitions. -An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Correct Answer
verified

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Correct Answer
verified