Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHAPTER 7: IDENTIFYING ADVANCED ATTACKS McKinley Technology HS - Cybersecurity.

Published byAdam May Modified over 8 years ago

Similar presentations

Presentation on theme: "CHAPTER 7: IDENTIFYING ADVANCED ATTACKS McKinley Technology HS - Cybersecurity."— Presentation transcript:

1 CHAPTER 7: IDENTIFYING ADVANCED ATTACKS McKinley Technology HS - Cybersecurity

2 Question 1 An attacker enters a string of data in a web application’s input form and crashes it. What type of attack is this? A. DoS B. DDoS C. Man-in-the-Middle D. Header manipulation

3 Question 2 What will protect against a SYN attack? A. Input validation B. Error handling C. Flood guard D. Cross-site scripting

4 Question 3 What can an administrator use to detect a DDoS attack? A. Privilege escalation B. Performance baseline C. Web form sanitization D. Antivirus software

5 Question 4 A user browsing the Internet notices erratic behavior right before the user’s system crashes. After rebooting, the system is slow and the user detects hundreds of outbound connections. What likely occurred? A. The system has become a botnet B. The system is hosting a botnet C. The system is spamming other users D. The system has joined a botnet

6 Question 5 A computer is regularly communicating with an unknown IRC server and sending traffic without user interaction. What is likely causing this? A. Buffer overflow B. Cross-site scripting C. Botnet D. Rootkit

7 Question 6 Of the following choices, what uses a command and control server? A. DoS attacks B. Trojans C. Man-in-the-Middle D. Botnet

8 Question 7 Of the following choices, what type of attack can intercept traffic and insert malicious code into a network conversation? A. Spim B. Xmas attack C. LDAP attack D. Man-in-the-middle

9 Question 8 What can a header manipulation attack modify? A. Flags B. Buffers C. Databases D. Signature definitions

10 Question 9 An attacker is sending false hardware address updates to a system, causing the system to redirect traffic to an attacker. What type of attack is this? A. IRC B. ARP poisoning C. Xmas attack D. DNS poisoning

11 Question 10 What can mitigate ARP poisoning attacks in a network? A. Disable unused ports on a switch B. Man-in-the-middle C. DMZ D. VLAN segregation

12 Question 11 You manage a server hosting a third-party database application. You want to ensure that the application is secure and all unnecessary services are disabled. What should you perform? A. Secure code review B. Application hardening C. White box testing D. Black box testing

13 Question 12 Of the following choices, what is a step used to harden a database application? A. Enabling all services B. Disabling default accounts and changing default passwords C. Disabling SQL D. Disabling stored procedures

14 Question 13 An organization develops its own software. Of the following choices, what is a security practice that should be included in the process? A. Check vendor documentation B. SDLC Waterfall model C. Code review D. Enabling command injection

15 Question 14 An attacker in entering incorrect data into a form on a web page. The result shows the attacker the type of database used by the website and provides hints on what SQL statements the database accepts. What can prevent this? A. Error handling B. Antivirus software C. Anti-spam software D. Flood guards

16 Question 15 Your organization hosts several websites accessible on the Internet and is conducting a security review of these sites. Of the following choices, that is the most common security issue for web-based applications? A. Input validation B. Phishing C. Whaling D. Social engineering

17 Question 16 An IDS detected a NOOP sled. What kind of attack does this indicate? A. Input validation B. SQL injection C. Cross-site scripting D. Buffer overflow

18 Question 17 A web-based application expects a user to enter eight characters into the text box. What is a potential vulnerability for this application? A. Input validation B. Buffer overflow C. SYN flood D. Flood guard

19 Question 18 Of the following choices, what can help prevent SQL injection attacks? A. Output validation B. NOOP sleds C. Stored procedures D. Antivirus software

20 Question 19 A web developer wants to prevent cross-site scripting. What should the developer do? A. Use input validation to remove hypertext B. Use input validation to remove cookies C. Use input validation to SQL statements D. Use input validation to overflow buffers

21 Question 20 A website prevents users from using the less- than character (<) when entering data into forms. What is it trying to prevent? A. Logic bomb B. Cross-site scripting C. Fuzzing D. SQL injection

22 Question 21 While analyzing an application log, you discover several entries where a user has entered the following command into a web- based form:…/etc/passwd. What does this indicate? A. Fuzzing B. Kiting C. Command injection attack D. DoS

23 Question 22 In regards to secure coding practices, why is input validation important? A. It mitigates buffer overflow attacks. B. It makes the code more readable. C. It provides an application configuration baseline. D. It meets gray box testing standards.

24 Question 24 Which of the following steps should follow the deployment of a patch? A. Antivirus and anti-malware deployment B. Audit and verification C. Fuzzing and exploitation D. Error and exception handling

25 Question 25 A security administrator is observing congestion on the firewall interfaces and a high number of half open incoming connections from different external IP addresses. Which of the following attack types is underway? A. Cross-site scripting B. SPIM C. Client-side D. DDoS

26 Question 26 Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload? A. Vulnerability scanner B. Fuzzer C. Port scanner D. Protocol analyzer

27 Question 27 Which of the following application security testing techniques is implemented when an automated system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation

28 Question 28 Which of the following application security testing techniques is implemented when an automated system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation

29 Question 30 Which of the following BEST describes a protective countermeasure for SQL injection? A. Eliminating cross-site scripting vulnerabilities B. Installing an IDS to monitor network traffic C. Validating user input in web applications D. Placing a firewall between the Internet and database servers

30 Question 31 Which of the following BEST describes a protective countermeasure for SQL injection? A. XSS B. SQL injection C. Directory traversal D. Packet sniffing

31 Question 32 When checking his webmail, Matt, a user, changes the URL’s string of characters and is able to get into another user’s inbox. This is an example of which of the following? A. Header manipulation B. SQL injection C. XML injection D. Session hijacking

32 Question 33 Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT A. Buffer overflow prevention B. Input validation C. CSRF prevention D. Cross-site scripting prevention

33 Question 34 After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen: ‘Please only use letters and numbers on these fields’ Which of the following is this an example of? A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling

34 Question 35 Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected? A. Application design B. Application security C. Initial baseline configuration D. Management of interfaces

35 Question 36 An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: A. it is being caused by the presence of a rogue access point. B. it is the beginning of a DDoS attack. C. the IDS has been compromised. D. the internal DNS tables have been poisoned.

36 Question 37 Matt, a security administrator, is receiving reports about several SQL injections and buffer overflows through his company’s website. Which of the following would reduce the amount of these attack types? A. Antivirus B. Anti-spam C. Input validation D. Host based firewalls

37 Question 38 Mike, a user, receives an email from his grandmother stating that she is in another country and needs money. The email address belongs to his grandmother. Which of the following attacks is this? A. Man-in-the-middle B. Spoofing C. Relaying D. Pharming

38 Question 39 Which of the following sets numerous flag fields in a TCP packet? A. XMAS attack B. DNS poisoning C. SYN flood D. ARP poisoning

39 Question 40 In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns? A. Syslog B. Protocol analyzer C. Proxy server D. Firewall

40 Question 41 Which of the following application attacks is used to gain access to SEH? A. Cookie stealing B. Buffer overflow C. Directory traversal D. XML injection

41 Question 42 Which of the following application attacks is used to gain access to SEH? A. Cookie stealing B. Buffer overflow C. Directory traversal D. XML injection

42 Question 43 Which of the following does a second authentication requirement mitigate when accessing privileged areas of a website, such as password changes or user profile changes? A. Cross-site scripting B. Cookie stealing C. Packet sniffing D. Transitive access

43 Question 44 A buffer overflow can result in which of the following attack types? A. DNS poisoning B. Zero-day C. Privilege escalation D. ARP poisoning

44 Question 45 Which of the following BEST describes a directory traversal attack? A. A malicious user can insert a known pattern of symbols in a URL to access a file in another section of the directory. B. A malicious user can change permissions or lock out user access from a webroot directory or subdirectories. C. A malicious user can delete a file or directory in the webroot directory or subdirectories. D. A malicious user can redirect a user to another website across the Internet.

45 Question 46 In her morning review of new vendor patches, a security administrator has identified an exploit that is marked as critical. Which of the following is the BEST course of action? A. The security administrator should wait seven days before testing the patch to ensure that the vendor does not issue an updated version, which would require reapplying the patch. B. The security administrator should download the patch and install it to her workstation to test whether it will be able to be applied to all workstations in the environment. C. The security administrator should alert the risk management department to document the patch and add it to the next monthly patch deployment cycle. D. The security administrator should download the patch to the test network, apply it to affected systems, and evaluate the results on the test systems.

46 Question 47 In Sara, an IT security technician, has identified security weaknesses within her company’s code. Which of the following is a common security coding issue? A. Input validation B. Application fuzzing C. Black box testing D. Vulnerability scanning

47 Question 48 Which of the following is an application security coding problem? A. Error and exception handling B. Patch management C. Application hardening D. Application fuzzing

48 Question 49 An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement? A. Implement IIS hardening by restricting service accounts. B. Implement database hardening by applying vendor guidelines. C. Implement perimeter firewall rules to restrict access. D. Implement OS hardening by applying GPOs.

49 Question 50 Which of the following can BEST help prevent cross- site scripting attacks and buffer overflows on a production system? A. Input validation B. Network intrusion detection system C. Anomaly-based HIDS D. Peer review

Download ppt "CHAPTER 7: IDENTIFYING ADVANCED ATTACKS McKinley Technology HS - Cybersecurity."

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Understand Database Security Concepts

Understand Database Security Concepts
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Guide to Network Defense and Countermeasures Chapter 2.

1 Guide to Network Defense and Countermeasures Chapter 2.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Chapter Three. Which of the following protocols is a file transfer protocol using SSH? A.SFTP B.TFTP C.SICMP D.CCMP.

Chapter Three. Which of the following protocols is a file transfer protocol using SSH? A.SFTP B.TFTP C.SICMP D.CCMP.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering

Similar presentations

Ads by Google