cyber (Beta)

Question

Define foot printing

Answer 1

Find out more about structure of target

Answer 2

Find out individual computers of target

Answer 3

Involves relatively high amount of manual work

Answer 4

Check if target candidates are actual alive and reachable

Answer 5

Load/Store

Answer 6

Continuation

Answer 7

Comparison

Answer 8

Arithmetic

Answer 9

Find out more about structure of target

Answer 10

Find out individual computers of target

Answer 11

Involves relatively high amount of manual work

Answer 12

Check if target candidates are actual alive and reachable

Answer 13

An injection attack wherein an attacker can execute malicious SQL statements

Answer 14

A type of computer security vulnerability typically found in web application

Answer 15

An attack in which the goals is execution of arbitrary commands on the host operating system via a vulnerable application

Answer 16

Open Web Application Security Program

Answer 17

Open Wide Application Security Program

Answer 18

Open Wide Application Security Project

Answer 19

Open Web Application Security Project

Answer 20

User input is either incorrectly filtered for string literal for escape characters embedded in SQL statement or user input is not strongly typed and unexpected executed

Answer 21

An application passes unsafe user supplied data (forms, cookies, HTTP headers and etc.) to a system shell

Answer 22

Relies on Social Engineering in order to trick the victim into executing malicious JavaScript code into their browser

Answer 23

Translate source code into some efficient intermediate representation and immediate executes this

Answer 24

Describes sequences of executable instructions that do not necessarily constitute an executable file

Answer 25

Transforms source code written in a programming language into another computer language

Answer 26

Parse the source code and perfom its behavior directly

Answer 27

Condition flags

Answer 28

Program counter

Answer 29

Frame pointer

Answer 30

Stack pointer

Answer 31

into break

Answer 32

Preservers a symbol table entity

Answer 33

The process of recovering assembly from machine code

Answer 34

The process of deallocating arguments on the stack

Answer 35

All of the above

Answer 36

all of the above

Answer 37

procedure invoked by another function

Answer 38

code that invokes a procedure

Answer 39

deallocates arguments on stack after return

Answer 40

registers that must not be clobbered

Answer 41

procedure invoked by another function

Answer 42

code that invokes a procedure

Answer 43

none of the above

Answer 44

store successor

Answer 45

pop successor into rip

Answer 46

jump to address

Answer 47

jump to successor

Answer 48

there is no destinction between jumps and calls

Answer 49

jumps simply transfer control with no side effects, calls used to implement procedures

Answer 50

jumps used to implement procedures, calls simply transfer control with side effects

Answer 51

jumps simply transfer control with side effects, calls used to implement transfers

Answer 52

direct transfers use relative offsets, indirect transfers are absolute

Answer 53

direct transfers are absolute, indirect transfers use relative offsets

Answer 54

direct transfers use fixed offsets, indirect transfers are not absolute

Answer 55

direct transfers are not absolute, indirect transfers use fixed offsets

Answer 56

none of the above

Answer 57

specify the caller and callee’s responsibilities

Answer 58

all of the above

Answer 59

specify where arguments are passed (registers, stack)

Answer 60

stack canaries

Answer 61

memory safe languages, such as Java, C#

Answer 62

using strcpy instead of stcncpy

Answer 63

address space layout randomization

Answer 64

non-executable flag

Answer 65

Large domain

Answer 66

Small domain

Answer 67

Randomness

Answer 68

Replicativeness

Answer 69

Derived from user passcode

Answer 70

Prevents offline attacks

Answer 71

Can only be used while the phone is running

Answer 72

Ensures passcode key is unique for different devices even if passcode is the same

Answer 73

Device allows apps signed by owner’s key to run according to the installed profile

Answer 74

Apple signs a provisioning profile that references developer certs

Answer 75

Users install provisioning profile

Answer 76

Apple signs certificates provided by developers

Answer 77

ContentProvider

Answer 78

BroadcastReceiver

Answer 79

Limited user input capabilities

Answer 80

Mobile devices are at lower risk of confidentiality breachesv

Answer 81

Difficult to perform pre-boot authentication

Answer 82

Difficult to lose or steal a phone than a desktop

Answer 83

Password-Based Key Demonstration Function

Answer 84

Password-Based Key Derivation Function

Answer 85

Password-Based Key Derivation Formula

Answer 86

Password-Based Key DemonstrationFunction (реально там так)

Answer 87

Unlimited user input capabilities

Answer 88

Difficult to perform pre-boot authentication

Answer 89

Uses touch-screen instead of keyboards

Answer 90

File is protected, only accessible when device unlocked

Answer 91

File is not protected

Answer 92

File is protected, accessible after device unlocked

Answer 93

File is protected until user passcode entered

Answer 94

during kill

Answer 95

during installation

Answer 96

during start up

Answer 97

at run time

Answer 98

Logs can be easily deleted

Answer 99

Widely deployed

Answer 100

Easy to detect

Answer 101

No encryption used

Answer 102

Open Web Application Security Project

Answer 103

Online Web Application Security Project

Answer 104

Online Web Application Security Principles

Answer 105

Open Web Application Security Principles

Answer 106

Open Web Application Standards Project

Answer 107

Cross-Site Request Forgery (CSRF)

Answer 108

Using Components with Known Vulnerabilities

Answer 109

Cross-Site Scripting (XSS)

Answer 110

Broken Authentication and Session Management

Answer 111

Sensitive Data Exposure

Answer 112

Insecure Direct Object References

Answer 113

Unvalidated Redirects and Forwards

Answer 114

Missing Function Level Access Control

Answer 115

Sensitive Data Exposure

Answer 116

Using Components with known vulnerabilities

Answer 117

Unvalidated Redirects and Forwards

Answer 118

Missing Function Level Access Control

Answer 119

Insecure Direct Object References

Answer 120

Insecure Direct Object Reference

Answer 121

Cross-site scripting

Answer 122

Cross-Site Request Forgery

Answer 123

Unvalidated Redirects and Forwards

Answer 124

GET/POST parameters

Answer 125

Window.location

Answer 126

Server code

Answer 127

Server configuration files

Answer 128

Use Secure Socket Layer Connection

Answer 129

Replace the credentials with a cryptographic salt and hash

Answer 130

Share the credentials with the client

Answer 131

Accept session IDs from URLs

Answer 132

Use persistent cookies to manage session IDs

Answer 133

a computer program that compiles executions, instructions

Answer 134

a computer program that directly executes, i.e. performs, instructions written in a human language, without previously compiling them into a machine language program

Answer 135

a computer program that directly executes, performs, instructions written in a programming or scripting language, without previously compiling them into a machine language program

Answer 136

a computer program that directly executes, performs, instructions written in a programming or scripting language after compiling them into a machine language program

Answer 137

Intelligence gathering

Answer 138

Finger printing

Answer 139

Verification

Answer 140

Banner grabbing

Answer 141

Intelligence Gathering

Answer 142

Fingerprinting

Answer 143

Banner grabbing

Answer 144

Verification

Answer 145

Footprinting

Answer 146

Use strong approved Authenticated Encryption

Answer 147

Only store sensitive data that you need

Answer 148

Follow applicable regulation on use of cryptography

Answer 149

Ensure that any secret key is protected from unauthorized access

Answer 150

Enable caching for pages that contain sensitive data

Answer 151

Restrict character set used for password

Answer 152

Enable autocomplete on forms collecting sensitive data

Answer 153

Don’t store sensitive data unnecessarily

Answer 154

Ensure that any secret key is protected from unauthorized access

Answer 155

Follow applicable regulation on use of cryptography

Answer 156

Ensure that the cryptographic protection remains secaure even if access control fail

Answer 157

Use strong approved Authenticated Encryption

Answer 158

The lifecycle will specify when data must be rekeyed

Answer 159

The lifecycle will specify when a key should no longer be use for decryption

Answer 160

The lifecycle will specify when a key should no longer be use for encryption

Answer 161

All of them

Answer 162

Cross-Site Request Forgery CSRF

Answer 163

Sensitive Data Exposure

Answer 164

Cross Site Scripting XSS

Answer 165

Cross Site Scripting

Answer 166

Cross-Site Request Forgery

Answer 167

Sensitive Data Exposure

Answer 168

Proper key management or rotation missing

Answer 169

All of them

Answer 170

Browser security directives or headers missing when sensitive data is provided by /sent to the browser

Answer 171

Sensitive data transmitted in clear text, internally or externally

Answer 172

Change the control flow of the program

Answer 173

Report the bag to a developer of the program

Answer 174

Overflows the stack to throw segmentation fault

Answer 175

Rewrite the program variable values

Answer 176

Inject a new functionality to the program

Answer 177

none of them

Answer 178

both of them

Answer 179

all of them

Answer 180

only 1 and 3

Answer 181

only 1 and 2

Answer 182

Instration pointer

Answer 183

Procedure arguments

Answer 184

Frame pointers

Answer 185

Payload size should be smaller than buffer size

Answer 186

Stack should be non-executable

Answer 187

Payload should use libc library

Answer 188

Payload should not contain ZEROS

Answer 189

Unvalidated Redirects and Forwards

Answer 190

Sensitive Data Exposure

Answer 191

Cross – Site Request Forgery

Answer 192

Using Unknown Vulnerable Components

Answer 193

Document Object Model

Answer 194

Structured Query Language

Answer 195

JavaScript Object Notation

Answer 196

ActionScript

Answer 197

JavaScript

Answer 198

Secure Socket Layer (SSL)

Answer 199

Output Sanitization

Answer 200

Input Validation

Answer 201

Cowan, 1996

Answer 202

Cowan, 1998

Answer 203

Vaughan, 1998

Answer 204

Stack canaries

Answer 205

Safer libc functions

Answer 206

Random canaries

Answer 207

Heap canaries

Answer 208

Large domain

Answer 209

Small domain

Answer 210

Jump-oriented programming

Answer 211

Return-oriented programming

Answer 212

Reuse existing code

Answer 213

Return-into-libc

Answer 214

Recognize the names of the addresses

Answer 215

Recognize the locations of the addresses

Answer 216

Randomize the locations of the addresses

Answer 217

Randomize the names of the addresses

Answer 218

Address security layout randomization

Answer 219

Address space layout randomization

Answer 220

Application space layer randomization

Answer 221

Application space layout randomization

Answer 222

Transparent to safe applications

Answer 223

Very little overhead

Answer 224

Requires program recompilation

Answer 225

Randomizing at process creatin

Answer 226

Before returning, check the value against the original

Answer 227

Guard sensitive data, including the saved IP, with a copy of a secret value

Answer 228

If there is a difference, assume something bad has happened and terminate

Answer 229

If there is a difference, assume something good has happened and terminate

Answer 230

Store a one-way and salted value of passwords

Answer 231

Save all your data

Answer 232

Use strong approved Authenticated Encryption

Answer 233

Ensure that any secret key is protected from unauthorized access

Answer 234

Attacker submits malicious code to server

Answer 235

Code included in page rendered by visiting link

Answer 236

Victim accesses page that includes stored, injected code

Answer 237

App (server-side) persists code

Answer 238

Attacker submits malicious code to server

Answer 239

Code included in page rendered by visiting link

Answer 240

Victim accesses page that includes stored, injected code

Answer 241

App (server-side) persists code

Answer 242

Procedure integrity

Answer 243

Output Sanitization

Answer 244

XSS Filter

Answer 245

Internal implementation object

Answer 246

Database key

Answer 247

Ax300 times

Answer 248

Ax256 times, 0x44 times

Answer 249

a. Nothing happens

Answer 250

b. Can obtain administrative privileges

Answer 251

c. Privilege escalation

Answer 252

d. The attacker is able to take control of the execution flow of a program

Answer 253

a. A situation where a running program attempts to write data outside the memory buffer which is not intended to store this data

Answer 254

b. A buffer is simply a contiguous block of computer memory that holds multiple instances of the same data type

Answer 255

c. Portion of the memory allocated for storage programs such as variables

Answer 256

d. The program that wants to overwrite the memory

Answer 257

a. Programmers can directly manipulate pointers

Answer 258

b. Memory accesses are checked

Answer 259

c. Memory accesses are not bounds-checked for validity

Answer 260

d. Programmers cannot directly manipulate pointers

Answer 261

a. Library

Answer 262

a. Library

Answer 263

a. Canary stack has to check variables

Answer 264

b. Stack canary might be reused

Answer 265

c. Stack canary is the constant value

Answer 266

d. Canary stack corrupts the executed code, then instruction will have an ability to set to the next

Answer 267

a. The attacker can monitor and can do recognition of the target

Answer 268

b. The Attacker attempts to alter system resources or destroy the data

Answer 269

c. The Attacker attempts to gain information from the system without destroying the information

Answer 270

d. The Attacker can change the data

Answer 271

a. The Attacker attempts to gain information from the system without destroying the information

Answer 272

b. The Attacker can change the data

Answer 273

d. The Attacker attempts to alter system resources or destroy the data

Answer 274

c. The attacker can monitor and can do recognition of the target

Answer 275

a. Overflow

Answer 276

b. Man in the middle attack

Answer 277

c. Eavesdropping

Answer 278

a. Idle attack

Answer 279

c. Port scanner

Answer 280

b. Eavesdropping

Answer 281

c. Address spoofing

Answer 282

a. Sniffing packets between two hosts on a switched network

Answer 283

b. Filtered packets by IP address

Answer 284

c. Sniffing packets from a user to all hosts

Answer 285

d. Filtered packets by MAC address

Answer 286

a. Sniffing packets from a user to all hosts

Answer 287

b. Sniffing packets between two hosts on a switched network

Answer 288

c. Filtered packets by IP address

Answer 289

d. Filtered packets by MAC address

Answer 290

Port Scanner

Answer 291

a. Change the control flow of the program

Answer 292

c. Report the bug to a developer of the program

Answer 293

d. Overflows the stack to throw segmentation fault

Answer 294

a. No correct answer

Answer 295

b. Small domain

Answer 296

c. Sequence

Answer 297

a. Requires program recompilation

Answer 298

b. Transparent to safe applications

Answer 299

c. Randomizing at process creation

Answer 300

d. Very little overhead

Answer 301

a. The attacker is able to take control of the execution flow of a program

Answer 302

b. Nothing happens

Answer 303

c. Can obtain administrative privileges

Answer 304

d. Privilege escalation

Answer 305

a. Inject a new functionality to the program

Answer 306

b. Overflows the stack to throw segmentation fault

Answer 307

c. No correct answer

Answer 308

d. Report the bug to a developer of the program

Answer 309

a. Inject a new functionality to the program

Answer 310

b. Overflows the stack to throw segmentation fault

Answer 311

c. No correct answer

Answer 312

d. Report the bug to a developer of the program

Answer 313

e. Rewrite the program variable values

Answer 314

a. Address Space Layout Randomization

Answer 315

b. Memory safe languages, such as Java, C

Answer 316

c. Using strcpy instead of strncpy

Answer 317

d. Non-executable Flag

Answer 318

a. Before returning, check the value against the original

Answer 319

b. If there is a difference, assume something bad has happened and terminate

Answer 320

c. Guard sensitive data, including the saved IP, with copy of a secret value

Answer 321

d. If there is a difference, assume something good has happened and terminate

Answer 322

a. All the above

Answer 323

b. Preserves a symbol table entry

Answer 324

d. The process of deallocating arguments on the stack none of the above

Answer 325

c. The process of recovering assembly from machine code

Answer 326

a. Session spotting

Answer 327

b. Replay attack

Answer 328

c. Brute force

Answer 329

d. Session fixation attack

Answer 330

c. For one username attackers test one password

Answer 331

d. For one password attackers test many user names

Answer 332

e. For one username attackers test many passwords

Answer 333

f. All the above mentioned

Answer 334

a. For one password attackers test many user names

Answer 335

b. All the above mentioned

Answer 336

c. For one username attackers test many passwords

Answer 337

d. For one username attackers test one password

Answer 338

a. Using Know Vulnerable Components

Answer 339

b. Missing Function Level Access Control

Answer 340

c. Security Misconfigurations

Answer 341

d. Password Management

Answer 342

a. Identity

Answer 343

c. None of them

Answer 344

d. Undermine authorization and accountability controls cause privacy violation

Answer 345

a. Less technical information, but important

Answer 346

b. Involves relatively high amount of manual work

Answer 347

c. Get as many plausible candidates as possible

Answer 348

d. NS (name server) / MX (mail exchange) records

Answer 349

Application Fingerprinting

Answer 350

Ping Sweep

Answer 351

Port Scanning

Answer 352

OS Fingerprinting

Answer 353

a. Brute Force Attack

Answer 354

b. Session Fixation Attack

Answer 355

c. Session Spotting

Answer 356

d. Replay Attack

Answer 357

a. Replay Attack

Answer 358

b. Brute Force Attack

Answer 359

c. Session Fixation Attack

Answer 360

a. Check if the target candidates are actually alive and reachable

Answer 361

b. Find out more about structure of target

Answer 362

c. All the above mentioned

Answer 363

d. Find out individual computers of target

Answer 364

a. Checks if results are plausible test them

Answer 365

b. Less technical information, but important

Answer 366

c. Involves relatively high amount of manual work

Answer 367

d. Extends scope of security analysis, may reveal new parts of target

Answer 368

e. Gets as many plausible candidates as possible

Answer 369

b. Write a code wo vulnerabilities

Answer 370

c. Stack canaries

Answer 371

d. Non executable code

Answer 372

a. Must be associated to target

Answer 373

b. All the above mentioned

Answer 374

c. Must be confidential

Answer 375

d. Must be able to attack it

Answer 376

a. Must be confidential

Answer 377

b. Must be associated to target

Answer 378

c. Must be able to attack it

Answer 379

d. All the above mentioned

Answer 380

a. Strcpy() function does not perform a bounds check

Answer 381

b. Strcpy library is not included

Answer 382

c. Works correctly

Answer 383

d. To “source” variable copied more expected

Answer 384

a. Buffer allocation

Answer 385

b. Return the value

Answer 386

c. Saves to rbx

Answer 387

d. Call the function

Answer 388

Social Engineering

Answer 389

Cross-site scripting

Answer 390

Unvalidating Redirects and Forwards

Answer 391

Security Misconfiguration

Answer 392

Unvalidating password difficulty

Answer 393

e) Session Hijacking

Answer 394

d) Session Replay

Answer 395

c) Session Fixation

Answer 396

b) Insecure Direct Object References

Answer 397

a) Forwarding system functionality

Answer 398

Properly validate cookie data, URL parameters, all HTML From data

Answer 399

Use reasonable session timeouts

Answer 400

Use secure randomly generated session keys to make prediction impossible

Answer 401

Architect your application to check if the data is encrypted with every request

Answer 402

Do not expose internals to the user

Answer 403

Find out more about structure of target

Answer 404

Find out individual computers of target

Answer 405

Involves relatively high amount of manual work

Answer 406

Check if target candidates are actual alive and reachable

	Creado por хомяк убийца hace alrededor de 7 años

Siguiente

cyber (Beta)

Descripción

Resumen del Recurso

Pregunta 1

Pregunta 2

Pregunta 3

Pregunta 4

Pregunta 5

Pregunta 6

Pregunta 7

Pregunta 8

Pregunta 9

Pregunta 10

Pregunta 11

Pregunta 12

Pregunta 13

Pregunta 14

Pregunta 15

Pregunta 16

Pregunta 17

Pregunta 18

Pregunta 19

Pregunta 20

Pregunta 21

Pregunta 22

Pregunta 23

Pregunta 24

Pregunta 25

Pregunta 26

Pregunta 27

Pregunta 28

Pregunta 29

Pregunta 30

Pregunta 31

Pregunta 32

Pregunta 33

Pregunta 34

Pregunta 35

Pregunta 36

Pregunta 37

Pregunta 38

Pregunta 39

Pregunta 40

Pregunta 41

Pregunta 42

Pregunta 43

Pregunta 44

Pregunta 45

Pregunta 46

Pregunta 47

Pregunta 48

Pregunta 49

Pregunta 50

Pregunta 51

Pregunta 52

Pregunta 53

Pregunta 54

Pregunta 55

Pregunta 56

Pregunta 57

Pregunta 58

Pregunta 59

Pregunta 60

Pregunta 61

Pregunta 62

Pregunta 63

Pregunta 64

Pregunta 65

Pregunta 66

Pregunta 67

Pregunta 68

Pregunta 69

Pregunta 70

Pregunta 71

Pregunta 72

Pregunta 73

Pregunta 74

Pregunta 75

Pregunta 76