Chapter 7 Reviewx

Download Report

Transcript Chapter 7 Reviewx

Chapter Seven Test Review – 401-SYO
An IDS alert on increased traffic. Upon
investigation, you realize it is due to a spike in
network traffic from several sources. Assuming
this is malicious, that is the MOST likely
explanation?
A.
B.
C.
D.
A smurf attack
A flood guard attack
A DoS attack
A DDoS attack
A network administrator needs to ensure the
company’s network is protected against smurf
attacks. What should the network administrator
do?
A. Install flood guards
B. Use salting techniques
C. Verify border routers block directed
broadcasts
D. Ensure protocols use timestamps and
sequence numbers
Which of the following is the BEST method to
protect against someone trying to guess the
correct PIN to withdraw money from an ATM?
A.
B.
C.
D.
Account lockouts
Rainbow table
Salting
Input validation
Which of the following is the BEST method to
protect against someone trying to guess the
correct PIN to withdraw money from an ATM?
A.
B.
C.
D.
Account lockouts
Rainbow table
Salting
Input validation
An application stores user passwords in a
hashed format. Which of the following can
decrease the likelihood that attackers can
discover these passwords?
A.
B.
C.
D.
Rainbow tables
MD5
Salt
Smurf
A user complains that his system is no longer
able to access the blogs.getcertfiedgetahead.co
site. Instead, his browser goes to a different site.
After investigation, you notice the following
entries in the user’s hosts file:
127.0.0.1 local host
72.52.230 233 blogs.getcertifiedgetahead.com
What is the BEST explanation for this entry?
A. A pharming attack
B. A whaling attack
C. Session hijacking
D. A phishing attack
Security analysts recently discovered that users
in our organization are inadvertently installing
malware on their systems after visiting the
compia.org website. Users have a legitimate
requirement to visit the comptia.org web site.
What is the MOST likely explanation for this
activity?
A.
B.
C.
D.
Smurf
Typo squatting
Fuzzing
Replay
An attacker recently attacked a web server osted
by your company. After investigation, security
professionals determined that the attacker used a
previously unknown application exploit. Which
of the following BEST identifies this attack?
A.
B.
C.
D.
Buffer overflow
Zero-day attack
Fuzzing
Session hijacking
Which of the following developer techniques
results insignificant security vulnerabilities for
online web site applications?
A.
B.
C.
D.
Buffer overflow
XSRF
Poor input validation
Hardening
An attacker is bypassing client-side input
validation by intercepting and modifying data
within the HTTP POST command. Which of the
following does the attacker use in this attack?
A.
B.
C.
D.
Command injection
Flash cookie
Proxy
Exception handling
Web developers are implementing error and
exception handling in a web site application.
Which of the following represents a best
practice for this?
A. Displaying a detailed error message but
logging generic information of the error
B. Displaying a generic error message but
logging detailed information of the error
C. Displaying a generic error message but
logging generic information of the error
D. Displaying a detailed error message but
logging detailed information of the error
While reviewing logs for a web application, a
developer, a developer notices that is has
crashed several times reporting a memory error.
Shortly after it crashes, the logs show malicious
code that isn’t part of a known application.
What is MOST likely occurring?
A. Buffer overflow
B. XSS
C. Cross-site scripting
D. XML injection
An application on one of your database servers
has crashed several times recently. Examining
detailed debugging logs, you discover that just
prior to crashing, the database application
receiving a long series of x90 characters. What
is the MOST likely occurring?
A.
B.
C.
D.
SQL injection
Buffer overflow
XML injection
Zero-day
Attackers have attacked an online web server using
a SQL injection using a SQL injection attack. Which
of the following BEST describes this?
A. The attacker is attempting to overload the
system with unexpected data and access
memory locations
B. The attacker is attempting to impersonate a
user using HTML code
C. The attacker is sending random data into a
program to see if the application will crash
D. The attacker is attempting to pass
commands to a back-end database server to
While creating a web application, a developer
adds code to limit data provided by users. The
code prevents users from entering special
characters. Which of the following attacks will
this code MOST likely prevent?
A.
B.
C.
D.
Sniffing
Spoofing
XSS
Pharming
Homer recently received an email thanking him for
a purchase noticed a pop-up window, which
included the following code:
<body onload=“document.getElementsByID(‘myform’).submit()’>
<form id=“myForm” action=“gcgapremium.com/purchase.php” method=
‘”post”
<input name=“Buy Now” value”Buy Now” value=“BuyNow”/>
</form>
</body>
What is the MOST likely explanation?
A.
B.
C.
D.
XSRF
Buffer overflow
SQL injection
Fuzzing
Which of the following is an attack against servers
hosting a directory service?
A.
B.
C.
D.
XSS
LDAP
SXRF
Fuzzing
Your organization hosts a web site within a SMZ
and the web site accesses a database server in the
internal network. ACLs on firewalls prevent any
connections to the database server except from the
web server. Database fields holding customer data
are encrypted and all data in transit between the
web site server and the database server are
encrypted. Which of the following represents the
GREATEST risk to the data on the server?
A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing
A security tester is sending random data to a
program. What does this describe?
A.
B.
C.
D.
Fuzzing
Buffer overflow
Integer overflow
Command injection
Your organization is preparing to deploy a webbased application, which will accept user input.
Which of the following will test the reliability of
this application to maintain availability and data
integrity?
A.
B.
C.
D.
Secure coding
Input validation
Error handling
Fuzzing
A web developer wants to reduce the chances of
an attacker successfully launching XSRF attacks
against a web site application. Which of the
following provides the BEST protection?
A.
B.
C.
D.
Client-side input validation
Web proxy
Antivirus software
Server-side input validation
A code review of a web application discovered
that the application is not performing boundary
checking. What should the web developer add to
this application to resolve this issue?
A.
B.
C.
D.
XRSF
XSS
Input validation
Fuzzing
Your organization develops web application
software, which it sells to other companies for
commercial use. To ensure the software is secure,
your organization uses a peer assessment to help
identify potential security issues related to the
software. Which of the following is the BEST term
for this process?
A.
B.
C.
D.
Code review
Change management
Routine audit
Rights and permissions review
Your organization develops web application
software, which it sells to other companies for
commercial use. Your organization wants to
ensure that the software isn’t susceptible to
common vulnerabilities, such as buffer overflow
attacks and race conditions. What should the
organization implement to ensure software meets
this standard?
A. Input validation
B. Change management
C. Code review
D. Regression testing
You need to periodically check the configuration
of a server and identify any changes. What are
you performing?
A.
B.
C.
D.
Code review
Design review
Attack surface review
Baseline review
You need to periodically check the configuration
of a server and identify any changes. What are
you performing?
A.
B.
C.
D.
Code review
Design review
Attack surface review
Baseline review
You need to reduce the attack surface of a web
server. Which of the following is a preventive
control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline
configuration
C. Using hardware locks
D. Monitoring logs for trends
Looking at logs for an online web application, you
see that someone has entered the following phrase
into several queries” ‘ or ‘1’ = ‘1’ –
Which of the following is the MOST likely
explanation for this?
A. A buffer overflow attack
B. An XSS attack
C. A SQL injection attack
D. An LDAP injection attack
Looking at logs of a web server, you see the
following entry:
198.252.69.129—{1/Sep/2013:05:20}”GET
/index.php?username=ZZZZZZZZZZZZZBBBBB
BBBBCCCCCCCCCCCHTTP/1.1”
“http://gfgapremiium.com/secrutyt/”
“Chrome31”
Which of the following is the BEST choice to
explain this entry?
A.
B.
C.
D.
A SQL injection attack
A pharming attack
A phishing attack
A buffer overflow attack
Your organization hosts a web site within a DMZ
and the web site accesses a database server in the
internal network. ACLs on firewalls prevent any
connections to the database server except from
the web server. Database fields hodling customer
data are encrypted and all data in transit between
the web sire server and the database server are
encrypted. Which of the following represents the
GREATEST risk to the data on the server?
A.
B.
C.
D.
Theft of the database server
XML injection
SQL injection
Sniffing
Which of the following is an attack against
servers hosting a directory service?
A.
B.
C.
D.
XSS
LDAP
XSRF
Fuzzing
Mobile users in your network report that they
frequently lose connectivity with the wireless
network on some days, but on other days they
don’t have any problems. Which of the following
types of attacks could cause this?
A.
B.
C.
D.
IV
Wireless jamming
Replay
WPA cracking
While cleaning out his desk, Bart threw several
papers containing PII into the recycle bin. Which
type of attack can exploit this action?
A.
B.
C.
D.
Vishing
Dumpster diving
Shoulder surfing
Tailgating
Security administrators are reviewing security
controls and their usefulness. Which of the
following attacks will account lockout controls
prevent (Choose two.)?
A.
B.
C.
D.
E.
DNS poisoning
Replay
Brute force
Buffer overflow
Dictionary
Security experts at your organization have
determined that your network has been
repeatedly attacked from multiple entities in a
foreign country. Research indicates these are
coordinated and sophisticated attacks. What BEST
describes this activity?
A.
B.
C.
D.
Fuzzing
Sniffing
Spear phishing
Advanced persistent threat
You are troubleshooting an internmittent
connectivity issue with a web server. After
examining the logs, you identify repeated
connection attempts from various IP addresses.
You realize these connection attempts are
overloading the server, preventing it from
responding to other connections. Which of the
following is MOST likely occurring?
A.
B.
C.
D.
DDoS Attack
DoS Attack
Smurf Attack
Salting Attack
Some timestamps include timestamps and
sequence numbers. These components help
protect against what type of attacks?
A.
B.
C.
D.
Smurf
Replay
Flood guards
Salting
Which of the following lessens the success of
dictionary password attacks?
A.
B.
C.
D.
Password complexity requirements
Account lockout threshold
Password hints
Enforce password history
You are on a conference call with your
developers, Serena and Thomas, discussing the
security of your new travel site. You express
concern over a recent article describing how user
submissions to web site may contain malicious
code that runs locally when others simple read
the post. Serena suggests validating user input
before following the user submissions. Which
problem might validation solve?
A. Cross-site scripting
B. Fuzzing
C. Hardening
D. Patching
The process of disabling unneeded network
services on a computer is referred to as what?
A.
B.
C.
D.
Patching
Fuzzing
Hardening
Debugging
The web developers at your company are testing
their latest web site code before going live to
ensure that is is robust and secure. During their
testing they provide malformed URLs with
additional abnormal parameters as well as an
abundance of random data. What terms describes
their actions?
A.
B.
C.
D.
Cross-site scripting
Fuzzing
Patching
Debugging
Roman is developing an application that controls
the lighting system in a large industrial complex.
A piece of code calls a function that controls a
custom-built circuit board. While running his
application, Roman’s application fails repeatedly
because of unforeseen circumstances. Which
secure coding guideline did Roman not adhere to?
A.
B.
C.
D.
Packet encryption
Digital signatures
Error handling
Hardening
A network administrator places a network
appliance on the DMZ network and configures it
with various security thresholds, each of which
will notify the IT group via e-mail. The IT group
will then adhere to the incident response policy
and take action. What will be triggered when any
of these threshold is violated?
A.
B.
C.
D.
Alarm
Alert
Remediation
Input validation
IT security personnel respond to the repeated
misuse of an authenticated user’s session cookie
on an e-commerce web site. The affected user
reports that they occasionally use the site but not
for the transactions in question. The security
personnel decide to reduce the amount of time an
authentication cookie is valid. What type of attack
have they responded to?
A.
B.
C.
D.
DoS
Dictionary
Privilege escalation
Cross-site request forgery
The periodic assessment of security policy
compliance is referred to as what?
A. Remediation
B. Hardening
C. Continuous security monitoring
D. Trend analysis
What is the best definition of the IEEE 802.1x
standard?
A. It defines a group of wireless standards
B. It defines the Ethernet standard
C. It defines network access control only for
wireless accounts
D. It defines network access control for
wired and wireless networks
What can be done to harden the Windows
operating system? (Choose three)
A.
B.
C.
D.
E.
Disable system restore points
Disable unnecessary services
Patch the operating systems
Configure EFS
Disable Group Policy
A network security audit exposes three insecure
wireless routers using default configurations.
Which security principle has been ignored?
A.
B.
C.
D.
Application patch management
Device hardening
Input validation
Principle of least privilege
What will prevent frequent repeated malicious
attacks use account passwords?
A.
B.
C.
D.
Minimum password age
Password hints
Password history
Account lockout
After patching and hardening your computers,
how would you determine whether your
computers are secure?
A.
B.
C.
D.
Performance baseline
Security templates
Penetration testing
Password cracking