nsf_03

Description

application and networking-based attacks
Quiz by 865 538, updated more than 1 year ago
Created by 865 538 almost 8 years ago

Resource summary

Question 1

Question
HTML is a markup language that uses specific ____ embedded in brackets.
Answers
  • a. blocks
  • b. taps
  • c. tags
  • d. marks

Question 2

Question
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
Answers
  • a. /var/html
  • b. /var/www
  • c. C:\Inetpub\wwwroot
  • d. /etc/var/www

Question 3

Question
The SQL injection statement ____ finds specific users.
Answers
  • a. whatever' OR full_name IS '%Mia%'
  • b. whatever' OR full_name LIKE '%Mia%'
  • c. whatever' OR full_name = '%Mia%'
  • d. whatever' OR full_name equals '%Mia%'

Question 4

Question
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
Answers
  • True
  • False

Question 5

Question
Web application attacks are considered ____ attacks.
Answers
  • a. client-side
  • b. relationship
  • c. hybrid
  • d. server-side

Question 6

Question
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
Answers
  • a. DNS
  • b. URNS
  • c. HTTP
  • d. NSDB

Question 7

Question
____ is a language used to view and manipulate data that is stored in a relational database.
Answers
  • a. SQL
  • b. DQL
  • c. ISL
  • d. C

Question 8

Question
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
Answers
  • True
  • False

Question 9

Question
A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
Answers
  • a. denial of service
  • b. drive-by-download
  • c. stack underflow
  • d. buffer overflow

Question 10

Question
____ is for the transport and storage of data, with the focus on what the data is.
Answers
  • a. XML
  • b. SGML
  • c. HTML
  • d. SML

Question 11

Question
Which of these is NOT a reason why securing server-side web applications is difficult?
Answers
  • a. Although traditional network security devices can block traditional network attacks, they cannot always block web application attacks.
  • b. The processors on clients are smaller than on web servers and thus they are easier to defend.
  • c. Many web application attacks exploit previously unknown vulnerabilities.
  • d. By design dynamic server-side web applications accept user input that can contain malicious code.

Question 12

Question
Which of these is not an HTTP header attack?
Answers
  • a. Accept-Language
  • b. Referer
  • c. Response splitting
  • d. Content-length

Question 13

Question
What is another name for a locally shared object (LSO)?
Answers
  • a. Flash cookie
  • b. session cookie
  • c. RAM cookie
  • d. secure cookie

Question 14

Question
Browser plug-ins ____.
Answers
  • a. only function on web servers.
  • b. can be embedded inside a webpage but add-ons cannot.
  • c. have additional functionality to the entire browser.
  • d. have been replaced by browser extensions.

Question 15

Question
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?
Answers
  • a. buffer overflow
  • b. real number
  • c. heap size
  • d. integer overflow

Question 16

Question
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?
Answers
  • a. privilege rights
  • b. heap spray
  • c. transitive
  • d. vertical escalation

Question 17

Question
Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?
Answers
  • a. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
  • b. Web application attacks use web browsers that cannot be controlled on a local computer.
  • c. Network security devices cannot prevent attacks from web resources.
  • d. The complex nature of TCP/IP allows for too many ping sweeps to be blocked.

Question 18

Question
What do attackers use buffer overflows to do?
Answers
  • a. erase buffer overflow signature files
  • b. corrupt the kernel so the computer cannot reboot
  • c. point to another area in data memory that contains the attacker's malware code
  • d. place a virus into the kernel

Question 19

Question
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks?
Answers
  • a. SQL code is used in an XSS attack.
  • b. XSS requires the use of a browser.
  • c. XSS does not attack the web application server to steal or corrupt its information.
  • d. XSS attacks are rarely used anymore compared to other injection attacks.

Question 20

Question
What is a cookie that was not created by the website being viewed called?
Answers
  • a. first-party cookie
  • b. second-party cookie
  • c. third-party cookie
  • d. fourth-party cookie

Question 21

Question
What is the basis of an SQL injection attack?
Answers
  • a. to have the SQL server attack client web browsers
  • b. to inject SQL statements through unfiltered user input
  • c. to expose SQL code so that it can be examined
  • d. to link SQL servers into a botnet

Question 22

Question
Which action cannot be performed through a successful SQL injection attack?
Answers
  • a. reformat the web application server's hard drive
  • b. display a list of customer telephone numbers
  • c. discover the names of different fields in a table
  • d. erase a database table

Question 23

Question
Which markup language is designed to carry data?
Answers
  • a. ICMP
  • b. HTTP
  • c. HTML
  • d. XML

Question 24

Question
What type of attack involves an attacker accessing files in directories other than the root directory?
Answers
  • a. SQL injection
  • b. command injection
  • c. XML injection
  • d. directory traversal

Question 25

Question
Which type of attack modifies the fields that contain the different characteristics of the data that is being transmitted?
Answers
  • a. XML manipulation
  • b. HTML packet
  • c. SQL injection
  • d. HTTP header

Question 26

Question
What is a session token?
Answers
  • a. XML code used in an XML injection attack
  • b. a random string assigned by a web server
  • c. another name for a third-party cookie
  • d. a unique identifier that includes the user's email address

Question 27

Question
Which of these is NOT a DoS attack?
Answers
  • a. SYN flood
  • b. ping flood
  • c. smurf
  • d. push flood

Question 28

Question
What type of attack intercepts legitimate communication and forges a fictitious response to the sender?
Answers
  • a. SIDS
  • b. interceptor
  • c. man-in-the-middle
  • d. SQL intrusion

Question 29

Question
A replay attack ____.
Answers
  • a. is considered to be a type of DoS attack
  • b. makes a copy of the transmission for use at a later time
  • c. can be prevented by patching the web browser
  • d. replays the attack over and over to flood the server

Question 30

Question
DNS poisoning ____.
Answers
  • a. floods a DNS server with requests until it can no longer respond
  • b. is rarely found today due to the use of host tables
  • c. substitutes DNS addresses so that the computer is automatically redirected to another device
  • d. is the same as ARP poisoning