Question 1

Because of the minor role it plays, DNS is never the focus of attacks.

Accepted Answer

A) True 
 B)False  False

Question 2

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

Accepted Answer

A) True 
 B)False  False

Question 3

HTML uses which option below within embedded brackets () causing a web browser to display text in a specific format?

Accepted Answer

A) ​blocks 
B) ​marks 
C) ​taps 
D) ​tags 
A) ​blocks 
B) ​marks 
C) ​taps 
D) ​tags D

Question 4

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.​

Accepted Answer

An attacker might make use of

Question 5

Choose the SQL injection statement example below that could be used to find specific users:

Accepted Answer

A) whatever' OR full_name = '%Mia%' 
B) whatever' OR full_name IS '%Mia%' 
C) whatever' OR full_name LIKE '%Mia%' 
D) whatever' OR full_name equals '%Mia%' 
A) whatever' OR full_name = '%Mia%' 
B) whatever' OR full_name IS '%Mia%' 
C) whatever' OR full_name LIKE '%Mia%' 
D) whatever' OR full_name equals '%Mia%'

Question 6

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

Accepted Answer

A) ​Privilege escalation 
B) ​DNS cache poisoning 
C) ​ARP poisoning 
D) ​Man-in-the-middle 
A) ​Privilege escalation 
B) ​DNS cache poisoning 
C) ​ARP poisoning 
D) ​Man-in-the-middle

Question 7

Match the following terms to the appropriate definitions.
-​An attack that injects scripts into a web application server to direct attacks at clients.

Accepted Answer

A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack 
A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack

Question 8

Describe the two types of privilege escalation.

Accepted Answer

Vertical privilege escalation is when a

Question 9

What language below is designed to display data, with a primary focus on how the data looks?

Accepted Answer

A) XML 
B) HTML 
C) SGML 
D) ISL 
A) XML 
B) HTML 
C) SGML 
D) ISL

Question 10

A web browser makes a request for a web page using the ________________.

Accepted Answer

Hypertext

Question 11

How does a SYN flood attack work?​

Accepted Answer

A SYN flood attack involves an attacker

Question 12

Match the following terms to the appropriate definitions.
-​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Accepted Answer

A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack 
A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack

Question 13

Match the following terms to the appropriate definitions.
-An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

Accepted Answer

A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack 
A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack

Question 14

List three of the most common Web application attacks.

Accepted Answer

The most common Web applicatio

Question 15

Match the following terms to the appropriate definitions.
-​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Accepted Answer

A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack 
A) Address Resolution Protocol (ARP) 
B) ARP Poisoning 
C) Buffer overflow attack 
D) Command injection 
E) Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token	
J) Smurf attack

Question 16

How does a cross-site scripting (XSS) attack work?

Accepted Answer

A cross site scripting attack

Question 17

To what specific directory are users generally restricted to on a web server?

Accepted Answer

A) top 
B) base 
C) root 
D) tap 
A) top 
B) base 
C) root 
D) tap

Question 18

Which SQL injection statement can be used to erase an entire database table?

Accepted Answer

A) whatever'; DROP TABLE members; -- 
B) whatever'; DELETE TABLE members; -- 
C) whatever'; UPDATE TABLE members; -- 
D) whatever'; RENAME TABLE members; -- 
A) whatever'; DROP TABLE members; -- 
B) whatever'; DELETE TABLE members; -- 
C) whatever'; UPDATE TABLE members; -- 
D) whatever'; RENAME TABLE members; --

Question 19

Attacks that take place against web based services are considered to be what type of attack?

Accepted Answer

A) client-side 
B) hybrid 
C) server-side 
D) relationship 
A) client-side 
B) hybrid 
C) server-side 
D) relationship

Question 20

What is the goal of a directory traversal attack?​

Accepted Answer

A directory traversal attack is used to

Because of the minor role it plays, DNS is never the focus of attacks.

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.

Choose the SQL injection statement example below that could be used to find specific users:

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Match the following terms to the appropriate definitions. -An attack that injects scripts into a web application server to direct attacks at clients.

Describe the two types of privilege escalation.

What language below is designed to display data, with a primary focus on how the data looks?

A web browser makes a request for a web page using the ________________.

How does a SYN flood attack work?

Match the following terms to the appropriate definitions. -An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Match the following terms to the appropriate definitions. -An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

List three of the most common Web application attacks.

Match the following terms to the appropriate definitions. -An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

How does a cross-site scripting (XSS) attack work?

To what specific directory are users generally restricted to on a web server?

Which SQL injection statement can be used to erase an entire database table?

Attacks that take place against web based services are considered to be what type of attack?

What is the goal of a directory traversal attack?

Introduction to Security

Malware and Social Engineering Attacks

Host, Application, and Data Security

Basic Cryptography

Advanced Cryptography

Network Security

Administering a Secure Network

Wireless Network Security

Mobile Device Security

Access Control Fundamentals

Authentication and Account Management

Business Continuity

Risk Mitigation

Vulnerability Assessment and Third Party Integration

Filters

Exam 3: Application and Networking-Based Attacks

Because of the minor role it plays, DNS is never the focus of attacks.

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.​

Choose the SQL injection statement example below that could be used to find specific users:

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

Match the following terms to the appropriate definitions. -​An attack that injects scripts into a web application server to direct attacks at clients.

Describe the two types of privilege escalation.

What language below is designed to display data, with a primary focus on how the data looks?

A web browser makes a request for a web page using the ________________.

How does a SYN flood attack work?​

Match the following terms to the appropriate definitions. -​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Match the following terms to the appropriate definitions. -An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

List three of the most common Web application attacks.

Match the following terms to the appropriate definitions. -​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

How does a cross-site scripting (XSS) attack work?

To what specific directory are users generally restricted to on a web server?

Which SQL injection statement can be used to erase an entire database table?

Attacks that take place against web based services are considered to be what type of attack?

What is the goal of a directory traversal attack?​

Introduction to Security

Malware and Social Engineering Attacks

Host, Application, and Data Security

Basic Cryptography

Advanced Cryptography

Network Security

Administering a Secure Network

Wireless Network Security

Mobile Device Security

Access Control Fundamentals

Authentication and Account Management

Business Continuity

Risk Mitigation

Vulnerability Assessment and Third Party Integration

Filters

In a drive-by download attack, provide an example of how an attacker might avoid visual detection.

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Match the following terms to the appropriate definitions. -An attack that injects scripts into a web application server to direct attacks at clients.

How does a SYN flood attack work?

Match the following terms to the appropriate definitions. -An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Match the following terms to the appropriate definitions. -An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Match the following terms to the appropriate definitions. -An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

What is the goal of a directory traversal attack?