Deck 3: Application and Network Attacks

1
The SQL injection statement ____ erases the database table.

A) whatever'; DROP TABLE members; --
B) whatever'; DELETE TABLE members; --
C) whatever'; UPDATE TABLE members; --
D) whatever'; RENAME TABLE members; --
A
2
The SQL injection statement ____ discovers the name of a table.

A) whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --
B) whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
C) whatever; AND 1=(SELECT COUNT(*) FROM tabname); --
D) whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --
B
3
Users who access a Web server are usually restricted to the ____ directory.

A) top
B) base
C) root
D) tap
C
4
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
5
____ is a language used to view and manipulate data that is stored in a relational database.

A) C
B) DQL
C) SQL
D) ISL
6
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.

A) buffer overflow
B) drive-by-download
C) denial of service
D) stack underflow
7
____ is designed to display data, with the primary focus on how the data looks.

A) XML
B) HTML
C) SGML
D) ISL
8
____ is for the transport and storage of data, with the focus on what the data is.

A) XML
B) HTML
C) SGML
D) SML
9
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
10
The "omnipresence" of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.
11
The expression ____ up one directory level.

A) ;/ traverses
B) ./ traverses
C) %20/ traverses
D) ../ traverses
12
For a Web server's Linux system, the default root directory is typically ____.

A) /var/www
B) C:\inetpub\wwwroot
C) /var/root
D) /home/root
13
The SQL injection statement ____ determines the names of different fields in a database.

A) whatever AND email IS NULL; --
B) whatever; AND email IS NULL; --
C) whatever" AND email IS NULL; --
D) whatever' AND email IS NULL; --
14
HTML is a markup language that uses specific ____ embedded in brackets.

A) blocks
B) marks
C) taps
D) tags
15
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
16
Because of the minor role it plays, DNS is never the focus of attacks.
17
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.

A) HTTP header
B) HTML header
C) XML header
D) SSL header
18
The SQL injection statement ____ finds specific users.

A) whatever' OR full_name = '%Mia%'
B) whatever' OR full_name IS '%Mia%'
C) whatever' OR full_name LIKE '%Mia%'
D) whatever' OR full_name equals '%Mia%'
19
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.

A) /var/www
B) C:\Inetpub\wwwroot
C) /var/html
D) /etc/var/www
20
Web application attacks are considered ____ attacks.

A) client-side
B) hybrid
C) server-side
D) relationship
21
Why would you want to limit access to the root directory of a Web server?
22
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.

A) HTTP
B) NSDB
C) URNS
D) DNS
23
The ____________________ directory is a specific directory on a Web server's file system.
24
List three of the most common Web application attacks.
25
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
26
Describe how to harden a Web server.
27
____ substitutes DNS addresses so that the computer is automatically redirected to another device.

A) DNS poisoning
B) Phishing
C) DNS marking
D) DNS overloading
28
A ____ attack is similar to a passive man-in-the-middle attack.

A) replay
B) hijacking
C) denial
D) buffer overflow
29
Describe a cross-site scripting (XSS) attack.
30
All Web traffic is based on the ____________________ protocol.
31
____ is an attack in which an attacker attempts to impersonate the user by using his session token.

A) Session replay
B) Session spoofing
C) Session hijacking
D) Session blocking
32
When DNS servers exchange information among themselves it is known as a ____.

A) resource request
B) zone disarticulation
C) zone transfer
D) zone removal
33
The predecessor to today's Internet was a network known as ____________________.
34
What does a user need to perform a directory traversal attack?
35
Describe a drive-by-download attack.
36
A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
37
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.

A) DNS spooking
B) DNS poisoning
C) DNS bonding
D) DNS blacklisting
38
Explain the HTTP header referrer attack.
39
Describe the differences between XML and HTML.
40
Describe the two types of privilege escalation.
41
Explain the approach attackers use against DNS servers.
42
Match between columns
Descriptions:
Created from the Web site that a user is currently viewing
Privileges that are granted to users to access hardware and software resources
Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.
Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server
An attack involving using a third party to gain access rights.
Injects scripts into a Web application server that will then direct attacks at clients
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining

Terms:
Zero day attack
Cross-site scripting (XSS) attack
Directory traversal attack
Command injection
Client-side attack
First-party cookie
Access rights
Privilege escalation
Transitive access