Ch 5 - Networking & Server Attacks

Description

Ch 5 quiz
C Danvers
Quiz by C Danvers, updated more than 1 year ago
C Danvers
Created by C Danvers over 6 years ago
1272
0

Resource summary

Question 1

Question
A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Answer
  • True
  • False

Question 2

Question
A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.
Answer
  • True
  • False

Question 3

Question
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
Answer
  • Session replay
  • Session spoofing
  • Session hijacking
  • Session blocking

Question 4

Question
An attack that takes advantage of the procedures for initiating a session is known as what type of attack?
Answer
  • DNS amplification attack
  • IP spoofing
  • smurf attack
  • SYN flood attack

Question 5

Question
A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.
Answer
  • True
  • False

Question 6

Question
Choose the SQL injection statement example below that could be used to find specific users:
Answer
  • whatever' OR full_name = '%Mia%'
  • whatever' OR full_name IS '%Mia%'
  • whatever' OR full_name LIKE '%Mia%'
  • whatever' OR full_name equals '%Mia%'

Question 7

Question
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
Answer
  • DNS poisoning
  • Phishing
  • DNS marking
  • DNS overloading

Question 8

Question
If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain Web traffic to generate income, what type of attack are they using?
Answer
  • spoofing
  • URL hijacking
  • Web squatting
  • typo hijacking

Question 9

Question
In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
Answer
  • True
  • False

Question 10

Question
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
Answer
  • Privilege escalation
  • DNS cache poisoning
  • ARP poisoning
  • Man-in-the-middle

Question 11

Question
Securing web applications is easier than protecting other systems.
Answer
  • True
  • False

Question 12

Question
The exchange of information among DNS servers regarding configured zones is known as:
Answer
  • resource request
  • zone sharing
  • zone transfer
  • zone removal

Question 13

Question
The malicious content of an XSS URL is confined to material posted on a website
Answer
  • True
  • False

Question 14

Question
The return address is the only element that can be altered in a buffer overflow attack.
Answer
  • True
  • False

Question 15

Question
Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.
Answer
  • True
  • False

Question 16

Question
What are the two types of cross-site attacks? (Choose all that apply.)
Answer
  • cross-site input attacks
  • cross-site scripting attacks
  • cross-site request forgery attacks
  • cross-site flood attacks

Question 17

Question
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?
Answer
  • pointer hack
  • DNS spoofing
  • clickjacking
  • domain hijacking

Question 18

Question
What criteria must be met for an XXS attack to occur on a specific website?
Answer
  • The website must accept user input while validating it and use that input in a response
  • The website must accept user input without validating it and use that input in a response
  • The website must not accept user input without validating it and use that input in a response
  • The website must accept user input while validating it and omit that input in a response

Question 19

Question
What language below is used to view and manipulate data that is stored in a relational database?
Answer
  • C
  • DQL
  • SQL
  • ISL

Question 20

Question
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
Answer
  • DNS
  • ARP
  • TCP
  • UDP

Question 21

Question
What specific ways can a session token be transmitted? (Choose all that apply.)
Answer
  • In the URL
  • In the trailer of a frame
  • In the header of a packet
  • In the header of the HTTP requisition

Question 22

Question
What technology expands the normal capabilities of a web browser for a specific webpage?
Answer
  • extensions
  • add-ons
  • plug-ins
  • Java applets

Question 23

Question
What two locations can be a target for DNS poisoning? (Choose all that apply.)
Answer
  • local host table
  • external DNS server
  • local database table
  • directory server

Question 24

Question
What type of additional attack does ARP spoofing rely on?
Answer
  • DNS poisoning
  • replay
  • MITB
  • MAC spoofing

Question 25

Question
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?
Answer
  • ARP poisoning
  • man-in-the-middle
  • denial of service
  • DNS poisoning

Question 26

Question
What type of attack intercepts communication between parties to steal or manipulate the data?
Answer
  • replay
  • MAC spoofing
  • man-in-the-browser
  • ARP poisoning

Question 27

Question
What type of attack is being performed when multiple computers overwhelm a system with fake requests?
Answer
  • DDoS
  • DoS
  • SYN flood
  • replay attacks

Question 28

Question
What type of privileges to access hardware and software resources are granted to users or devices?
Answer
  • access privileges
  • user rights
  • access rights
  • permissions

Question 29

Question
What type of web server application attacks introduce new input to exploit a vulnerability?
Answer
  • language attacks
  • cross-site request attacks
  • hijacking attacks
  • injection attacks

Question 30

Question
When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads, what type attack is being performed?
Answer
  • ad squatting
  • clickjacking
  • malvertising
  • ad spoofing

Question 31

Question
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack?
Answer
  • MITM
  • spoofing
  • denial of service
  • blocking

Question 32

Question
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
Answer
  • HTTP
  • NSDB
  • URNS
  • DNS

Question 33

Question
Where are MAC addresses stored for future reference?
Answer
  • MAC cache
  • Ethernet cache
  • ARP cache
  • NIC

Question 34

Question
Which of the following are considered to be interception attacks? (Choose all that apply.)
Answer
  • denial of service
  • amplification attack
  • man-in-the-middle
  • replay attacks

Question 35

Question
Which SQL injection statement example below could be used to discover the name of the table?
Answer
  • whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --
  • whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
  • whatever; AND 1=(SELECT COUNT(*) FROM tabname); --
  • whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

Question 36

Question
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
Answer
  • whatever AND email IS NULL; --
  • whatever; AND email IS NULL; --
  • whatever" AND email IS NULL; --
  • whatever' AND email IS NULL; --

Question 37

Question
Which type of attack below is similar to a passive man-in-the-middle attack?
Answer
  • replay
  • hijacking
  • denial
  • buffer overflow

Question 38

Question
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
Answer
  • IP spoofing
  • denial of service
  • DNS poisoning
  • smurf attack

Question 39

Question
XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.
Answer
  • True
  • False
Show full summary Hide full summary

Similar

CCNA Security 210-260 IINS - Exam 3
Mike M
Application of technology in learning
Jeff Wall
Innovative Uses of Technology
John Marttila
Ch1 - The nature of IT Projects
mauricio5509
The Internet
Gee_0599
CCNA Answers – CCNA Exam
Abdul Demir
SQL Quiz
R M
Professional, Legal, and Ethical Issues in Information Security
mfundo.falteni
System Analysis
R A
Flash Cards Networks
JJ Pro Wrestler
EDUC260- Multimodal Literacies for a Digital Age
angelwoo2002