Chapter 7 Review


Chapter Seven Test Review – 401-SYO
There is an IDS alert on increased traffic.
Upon investigation, you realize it is due to a
spike in network traffic from several
sources.
Assuming this is malicious, what is the
MOST likely explanation?
A. A smurf attack
B. A flood guard attack
C. A DoS attack
D. A DDoS attack
A network administrator needs to ensure the
company’s network is protected against smurf
attacks.
What should the network administrator do?
A. Install flood guards
B. Use salting techniques
C. Verify border routers block directed
broadcasts
D. Ensure protocols use timestamps and
sequence numbers
Which of the following is the BEST method
to protect against someone trying to guess
the correct PIN to withdraw money from an
ATM?
A. Account lockouts
B. Rainbow table
C. Salting
D. Input validation
An application stores user passwords in a hashed
format.
Which of the following can decrease the
likelihood that attackers can discover these
passwords?
A. Rainbow tables
B. MD5
C. Salt
D. Smurf
A user complains that his system is no longer
able to access the
blogs.getcertifiedgetahead.com site. Instead, his
browser goes to a different site. After
investigation, you notice the following entries in
the user’s hosts file:
127.0.0.1 localhost
72.52.230.233 blogs.getcertifiedgetahead.com
What is the BEST explanation for this entry?
A. A pharming attack
B. A whaling attack
C. Session hijacking
D. A phishing attack
Security analysts recently discovered that users in
our organization are inadvertently installing
malware on their systems after visiting the
compia.org website. Users have a legitimate
requirement to visit the comptia.org web site.
What is the MOST likely explanation for this
activity?
A. Smurf
B. Typo squatting
C. Fuzzing
D. Replay
An attacker recently attacked a web server
hosted by your company. After investigation,
security professionals determined that the
attacker used a previously unknown
application exploit.
Which of the following BEST identifies this
attack?
A. Buffer overflow
B. Zero-day attack
C. Fuzzing
D. Session hijacking
Which of the following developer techniques
results in significant security vulnerabilities for
online web site applications?
A. Buffer overflow
B. XSRF
C. Poor input validation
D. Hardening
An attacker is bypassing client-side input
validation by intercepting and modifying data
within the HTTP POST command. Which of the
following does the attacker use in this attack?
A. Command injection
B. Flash cookie
C. Proxy
D. Exception handling
Web developers are implementing error and
exception handling in a web site application.
Which of the following represents a best practice
for this?
A. Displaying a detailed error message but
logging generic information of the error
B. Displaying a generic error message but
logging detailed information of the error
C. Displaying a generic error message but
logging generic information of the error
D. Displaying a detailed error message but
logging detailed information of the error
While reviewing logs for a web application, a
developer notices that it has crashed several
times reporting a memory error. Shortly after it
crashes, the logs show malicious code that isn’t
part of a known application. What is MOST
likely occurring?
A. Buffer overflow
B. XSS
C. Cross-site scripting
D. XML injection
An application on one of your database
servers has crashed several times recently.
Examining detailed debugging logs, you
discover that just prior to crashing, the
database application is receiving a long series of
x90 characters.
What is MOST likely occurring?
A. SQL injection
B. Buffer overflow
C. XML injection
D. Zero-day
Attackers have attacked an online web server
using a SQL injection attack.
Which of the following BEST describes this?
A. The attacker is attempting to overload the
system with unexpected data and access
memory locations
B. The attacker is attempting to impersonate a
user using HTML code
C. The attacker is sending random data into a
program to see if the application will crash
D. The attacker is attempting to pass
commands to a back-end database server to
While creating a web application, a developer
adds code to limit data provided by users. The
code prevents users from entering special
characters. Which of the following attacks will
this code MOST likely prevent?
A. Sniffing
B. Spoofing
C. XSS
D. Pharming
Homer recently received an email thanking him
for a purchase noticed a pop-up window, which
included the following code:
<body onload="document.getElementById('myForm').submit()">
<form id="myForm" action="gcgapremium.com/purchase.php" method="post">
<input name="Buy Now" value="Buy Now"/>
</form>
</body>
What is the MOST likely explanation?
A. XSRF
B. Buffer overflow
C. SQL injection
D. Fuzzing
Which of the following is an attack against
servers hosting a directory service?
A. XSS
B. LDAP
C. XSRF
D. Fuzzing
Your organization hosts a web site within a DMZ
and the web site accesses a database server in the
internal network. ACLs on firewalls prevent any
connections to the database server except from the
web server. Database fields holding customer data
are encrypted and all data in transit between the
web site server and the database server are
encrypted. Which of the following represents the
GREATEST risk to the data on the server?
A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing
A security tester is sending random data to a
program. What does this describe?
A. Fuzzing
B. Buffer overflow
C. Integer overflow
D. Command injection
Your organization is preparing to deploy a
web-based application, which will accept user input.
Which of the following will test the reliability of this
application to maintain availability and data
integrity?
A. Secure coding
B. Input validation
C. Error handling
D. Fuzzing
A web developer wants to reduce the chances of an
attacker successfully launching XSRF attacks
against a web site application. Which of the
following provides the BEST protection?
A. Client-side input validation
B. Web proxy
C. Antivirus software
D. Server-side input validation
A code review of a web application discovered that
the application is not performing boundary
checking. What should the web developer add to
this application to resolve this issue?
A. XSRF
B. XSS
C. Input validation
D. Fuzzing
Your organization develops web application
software, which it sells to other companies for
commercial use. To ensure the software is secure,
your organization uses a peer assessment to help
identify potential security issues related to the
software. Which of the following is the BEST term
for this process?
A. Code review
B. Change management
C. Routine audit
D. Rights and permissions review
Your organization develops web application
software, which it sells to other companies for
commercial use. Your organization wants to ensure
that the software isn’t susceptible to common
vulnerabilities, such as buffer overflow attacks and
race conditions. What should the organization
implement to ensure software meets this standard?
A. Input validation
B. Change management
C. Code review
D. Regression testing
You need to periodically check the configuration
of a server and identify any changes.
What are you performing?
A. Code review
B. Design review
C. Attack surface review
D. Baseline review
You need to reduce the attack surface of a web
server.
Which of the following is a preventive control that
will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline
configuration
C. Using hardware locks
D. Monitoring logs for trends
Looking at logs for an online web application, you
see that someone has entered the following phrase
into several queries:
' or '1' = '1' --
Which of the following is the MOST likely
explanation for this?
A. A buffer overflow attack
B. An XSS attack
C. A SQL injection attack
D. An LDAP injection attack
Looking at logs of a web server, you see the
following entry:
198.252.69.129 -- {1/Sep/2013:05:20} "GET /index.php?username=ZZZZZZZZZZZZZBBBBBBBBBCCCCCCCCCCC HTTP/1.1" "http://gfgapremium.com/security/" "Chrome31"
Which of the following is the BEST choice to
explain this entry?
A. A SQL injection attack
B. A pharming attack
C. A phishing attack
D. A buffer overflow attack
Mobile users in your network report that they
frequently lose connectivity with the wireless
network on some days, but on other days they
don’t have any problems. Which of the following
types of attacks could cause this?
A. IV
B. Wireless jamming
C. Replay
D. WPA cracking
While cleaning out his desk, Bart threw several
papers containing PII into the recycle bin. Which
type of attack can exploit this action?
A. Vishing
B. Dumpster diving
C. Shoulder surfing
D. Tailgating
Security administrators are reviewing security
controls and their usefulness. Which of the
following attacks will account lockout controls
prevent?
(Choose two)
A. DNS poisoning
B. Replay
C. Brute force
D. Buffer overflow
E. Dictionary
Security experts at your organization have
determined that your network has been repeatedly
attacked from multiple entities in a foreign
country. Research indicates these are coordinated
and sophisticated attacks.
What BEST describes this activity?
A. Fuzzing
B. Sniffing
C. Spear phishing
D. Advanced persistent threat
You are troubleshooting an intermittent
connectivity issue with a web server. After
examining the logs, you identify repeated
connection attempts from various IP addresses.
You realize these connection attempts are
overloading the server, preventing it from
responding to other connections. Which of the
following is MOST likely occurring?
A. DDoS Attack
B. DoS Attack
C. Smurf Attack
D. Salting Attack
Some protocols include timestamps and
sequence numbers. These components help protect
against what type of attacks?
A. Smurf
B. Replay
C. Flood guards
D. Salting
Which of the following lessens the success of
dictionary password attacks?
A. Password complexity requirements
B. Account lockout threshold
C. Password hints
D. Enforce password history
You are on a conference call with your developers,
Serena and Thomas, discussing the security of
your new travel site. You express concern over a
recent article describing how user submissions to a
web site may contain malicious code that runs
locally when others simply read the post. Serena
suggests validating user input before allowing the
user submissions.
Which problem might validation solve?
A. Cross-site scripting
B. Fuzzing
C. Hardening
D. Patching
The process of disabling unneeded network
services on a computer is referred to as what?
A. Patching
B. Fuzzing
C. Hardening
D. Debugging
The web developers at your company are testing
their latest web site code before going live to
ensure that it is robust and secure. During their
testing they provide malformed URLs with
additional abnormal parameters as well as an
abundance of random data. What term describes
their actions?
A. Cross-site scripting
B. Fuzzing
C. Patching
D. Debugging
Roman is developing an application that controls
the lighting system in a large industrial complex. A
piece of code calls a function that controls a
custom-built circuit board. While running his
application, Roman’s application fails repeatedly
because of unforeseen circumstances. Which
secure coding guideline did Roman not adhere to?
A. Packet encryption
B. Digital signatures
C. Error handling
D. Hardening
A network administrator places a network
appliance on the DMZ network and configures
it with various security thresholds, each of
which will notify the IT group via
e-mail. The IT group will then adhere to the
incident response policy and take action. What
will be triggered when any of these thresholds is
violated?
A. Alarm
B. Alert
C. Remediation
D. Input validation
IT security personnel respond to the repeated
misuse of an authenticated user’s session cookie
on an e-commerce web site. The affected user
reports that he occasionally uses the site but not for
the transactions in question. The security personnel
decide to reduce the amount of time an
authentication cookie is valid. What type of attack
have they responded to?
A. DoS
B. Dictionary
C. Privilege escalation
D. Cross-site request forgery
The periodic assessment of security policy
compliance is referred to as what?
A. Remediation
B. Hardening
C. Continuous security monitoring
D. Trend analysis
What is the best definition of the IEEE 802.1x
standard?
A. It defines a group of wireless standards
B. It defines the Ethernet standard
C. It defines network access control only for
wireless accounts
D. It defines network access control for wired
and wireless networks
What can be done to harden the Windows
operating system? (Choose three)
A. Disable system restore points
B. Disable unnecessary services
C. Patch the operating systems
D. Configure EFS
E. Disable Group Policy
A network security audit exposes three insecure
wireless routers using default configurations.
Which security principle has been ignored?
A. Application patch management
B. Device hardening
C. Input validation
D. Principle of least privilege
What will prevent frequent repeated malicious
attacks against user account passwords?
A. Minimum password age
B. Password hints
C. Password history
D. Account lockout
After patching and hardening your computers, how
would you determine whether your computers are
secure?
A. Performance baseline
B. Security templates
C. Penetration testing
D. Password cracking