Chapter Seven Test Review – 401-SYO

An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?
A. A smurf attack
B. A flood guard attack
C. A DoS attack
D. A DDoS attack

A network administrator needs to ensure the company’s network is protected against smurf attacks. What should the network administrator do?
A. Install flood guards
B. Use salting techniques
C. Verify border routers block directed broadcasts
D. Ensure protocols use timestamps and sequence numbers

Which of the following is the BEST method to protect against someone trying to guess the correct PIN to withdraw money from an ATM?
A. Account lockouts
B. Rainbow table
C. Salting
D. Input validation

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?
A. Rainbow tables
B. MD5
C. Salt
D. Smurf

A user complains that his system is no longer able to access the blogs.getcertifiedgetahead.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user’s hosts file:
    127.0.0.1 localhost
    72.52.230.233 blogs.getcertifiedgetahead.com
What is the BEST explanation for this entry?
A. A pharming attack
B. A whaling attack
C. Session hijacking
D. A phishing attack

Security analysts recently discovered that users in our organization are inadvertently installing malware on their systems after visiting the compia.org website. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?
A. Smurf
B. Typo squatting
C. Fuzzing
D. Replay

An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?
A. Buffer overflow
B. Zero-day attack
C. Fuzzing
D. Session hijacking

Which of the following developer techniques results in significant security vulnerabilities for online web site applications?
A. Buffer overflow
B. XSRF
C. Poor input validation
D. Hardening

An attacker is bypassing client-side input validation by intercepting and modifying data within the HTTP POST command. Which of the following does the attacker use in this attack?
A. Command injection
B. Flash cookie
C. Proxy
D. Exception handling

Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?
A. Displaying a detailed error message but logging generic information of the error
B. Displaying a generic error message but logging detailed information of the error
C. Displaying a generic error message but logging generic information of the error
D. Displaying a detailed error message but logging detailed information of the error

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn’t part of a known application. What is MOST likely occurring?
A. Buffer overflow
B. XSS
C. Cross-site scripting
D. XML injection

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?
A. SQL injection
B. Buffer overflow
C. XML injection
D. Zero-day

Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?
A. The attacker is attempting to overload the system with unexpected data and access memory locations
B. The attacker is attempting to impersonate a user using HTML code
C. The attacker is sending random data into a program to see if the application will crash
D. The attacker is attempting to pass commands to a back-end database server to

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?
A. Sniffing
B. Spoofing
C. XSS
D. Pharming

Homer recently received an email thanking him for a purchase noticed a pop-up window, which included the following code:
    <body onload="document.getElementById('myForm').submit()">
    <form id="myForm" action="gcgapremium.com/purchase.php" method="post">
    <input name="Buy Now" value="Buy Now"/>
    </form>
    </body>
What is the MOST likely explanation?
A. XSRF
B. Buffer overflow
C. SQL injection
D. Fuzzing

Which of the following is an attack against servers hosting a directory service?
A. XSS
B. LDAP
C. XSRF
D. Fuzzing

Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?
A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing

A security tester is sending random data to a program. What does this describe?
A. Fuzzing
B. Buffer overflow
C. Integer overflow
D. Command injection

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will test the reliability of this application to maintain availability and data integrity?
A. Secure coding
B. Input validation
C. Error handling
D. Fuzzing

A web developer wants to reduce the chances of an attacker successfully launching XSRF attacks against a web site application. Which of the following provides the BEST protection?
A. Client-side input validation
B. Web proxy
C. Antivirus software
D. Server-side input validation

A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue?
A. XSRF
B. XSS
C. Input validation
D. Fuzzing

Your organization develops web application software, which it sells to other companies for commercial use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the BEST term for this process?
A. Code review
B. Change management
C. Routine audit
D. Rights and permissions review

Your organization develops web application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn’t susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?
A. Input validation
B. Change management
C. Code review
D. Regression testing

You need to periodically check the configuration of a server and identify any changes. What are you performing?
A. Code review
B. Design review
C. Attack surface review
D. Baseline review

You need to reduce the attack surface of a web server. Which of the following is a preventive control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline configuration
C. Using hardware locks
D. Monitoring logs for trends

Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:
    ' or '1' = '1' --
Which of the following is the MOST likely explanation for this?
A. A buffer overflow attack
B. An XSS attack
C. A SQL injection attack
D. An LDAP injection attack

Looking at logs of a web server, you see the following entry:
    198.252.69.129 -- {1/Sep/2013:05:20} "GET /index.php?username=ZZZZZZZZZZZZZBBBBBBBBBCCCCCCCCCCC HTTP/1.1" "http://gfgapremiium.com/secrutyt/" "Chrome31"
Which of the following is the BEST choice to explain this entry?
A. A SQL injection attack
B. A pharming attack
C. A phishing attack
D. A buffer overflow attack

Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?
A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing

Which of the following is an attack against servers hosting a directory service?
A. XSS
B. LDAP
C. XSRF
D. Fuzzing

Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don’t have any problems. Which of the following types of attacks could cause this?
A. IV
B. Wireless jamming
C. Replay
D. WPA cracking

While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?
A. Vishing
B. Dumpster diving
C. Shoulder surfing
D. Tailgating

Security administrators are reviewing security controls and their usefulness. Which of the following attacks will account lockout controls prevent? (Choose two.)
A. DNS poisoning
B. Replay
C. Brute force
D. Buffer overflow
E. Dictionary

Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?
A. Fuzzing
B. Sniffing
C. Spear phishing
D. Advanced persistent threat

You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
A. DDoS Attack
B. DoS Attack
C. Smurf Attack
D. Salting Attack

Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?
A. Smurf
B. Replay
C. Flood guards
D. Salting

Which of the following lessens the success of dictionary password attacks?
A. Password complexity requirements
B. Account lockout threshold
C. Password hints
D. Enforce password history

You are on a conference call with your developers, Serena and Thomas, discussing the security of your new travel site. You express concern over a recent article describing how user submissions to web sites may contain malicious code that runs locally when others simply read the post. Serena suggests validating user input before allowing the user submissions. Which problem might validation solve?
A. Cross-site scripting
B. Fuzzing
C. Hardening
D. Patching

The process of disabling unneeded network services on a computer is referred to as what?
A. Patching
B. Fuzzing
C. Hardening
D. Debugging

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?
A. Cross-site scripting
B. Fuzzing
C. Patching
D. Debugging

Roman is developing an application that controls the lighting system in a large industrial complex. A piece of code calls a function that controls a custom-built circuit board. While running his application, Roman’s application fails repeatedly because of unforeseen circumstances. Which secure coding guideline did Roman not adhere to?
A. Packet encryption
B. Digital signatures
C. Error handling
D. Hardening

A network administrator places a network appliance on the DMZ network and configures it with various security thresholds, each of which will notify the IT group via e-mail. The IT group will then adhere to the incident response policy and take action. What will be triggered when any of these thresholds is violated?
A. Alarm
B. Alert
C. Remediation
D. Input validation

IT security personnel respond to the repeated misuse of an authenticated user’s session cookie on an e-commerce web site. The affected user reports that they occasionally use the site but not for the transactions in question. The security personnel decide to reduce the amount of time an authentication cookie is valid. What type of attack have they responded to?
A. DoS
B. Dictionary
C. Privilege escalation
D. Cross-site request forgery

The periodic assessment of security policy compliance is referred to as what?
A. Remediation
B. Hardening
C. Continuous security monitoring
D. Trend analysis

What is the best definition of the IEEE 802.1x standard?
A. It defines a group of wireless standards
B. It defines the Ethernet standard
C. It defines network access control only for wireless accounts
D. It defines network access control for wired and wireless networks

What can be done to harden the Windows operating system? (Choose three)
A. Disable system restore points
B. Disable unnecessary services
C. Patch the operating systems
D. Configure EFS
E. Disable Group Policy

A network security audit exposes three insecure wireless routers using default configurations. Which security principle has been ignored?
A. Application patch management
B. Device hardening
C. Input validation
D. Principle of least privilege

What will prevent frequent repeated malicious attacks against user account passwords?
A. Minimum password age
B. Password hints
C. Password history
D. Account lockout

After patching and hardening your computers, how would you determine whether your computers are secure?
A. Performance baseline
B. Security templates
C. Penetration testing
D. Password cracking