A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
Session replay
Session spoofing
Session hijacking
Session blocking
An attack that takes advantage of the procedures for initiating a session is known as what type of attack?
DNS amplification attack
IP spoofing
smurf attack
SYN flood attack
A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.
Choose the SQL injection statement example below that could be used to find specific users:
whatever' OR full_name = '%Mia%'
whatever' OR full_name IS '%Mia%'
whatever' OR full_name LIKE '%Mia%'
whatever' OR full_name equals '%Mia%'
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
DNS poisoning
Phishing
DNS marking
DNS overloading
If an attacker purchases and uses a URL that is similar in spelling to, and looks like, a well-known web site in order to gain Web traffic and generate income, what type of attack are they using?
spoofing
URL hijacking
Web squatting
typo hijacking
In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
Privilege escalation
DNS cache poisoning
ARP poisoning
Man-in-the-middle
Securing web applications is easier than protecting other systems.
The exchange of information among DNS servers regarding configured zones is known as:
resource request
zone sharing
zone transfer
zone removal
The malicious content of an XSS URL is confined to material posted on a website.
The return address is the only element that can be altered in a buffer overflow attack.
Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.
What are the two types of cross-site attacks? (Choose all that apply.)
cross-site input attacks
cross-site scripting attacks
cross-site request forgery attacks
cross-site flood attacks
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?
pointer hack
DNS spoofing
clickjacking
domain hijacking
What criteria must be met for an XSS attack to occur on a specific website?
The website must accept user input while validating it and use that input in a response
The website must accept user input without validating it and use that input in a response
The website must not accept user input without validating it and use that input in a response
The website must accept user input while validating it and omit that input in a response
What language below is used to view and manipulate data that is stored in a relational database?
C
DQL
SQL
ISL
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
DNS
ARP
TCP
UDP
What specific ways can a session token be transmitted? (Choose all that apply.)
In the URL
In the trailer of a frame
In the header of a packet
In the header of the HTTP requisition
What technology expands the normal capabilities of a web browser for a specific webpage?
extensions
add-ons
plug-ins
Java applets
What two locations can be a target for DNS poisoning? (Choose all that apply.)
local host table
external DNS server
local database table
directory server
What type of additional attack does ARP spoofing rely on?
replay
MITB
MAC spoofing
What type of attack is being executed if an attacker substituted an invalid MAC address for the network gateway so that no users can access external networks?
man-in-the-middle
denial of service
What type of attack intercepts communication between parties to steal or manipulate the data?
man-in-the-browser
What type of attack is being performed when multiple computers overwhelm a system with fake requests?
DDoS
DoS
SYN flood
replay attacks
What type of privileges to access hardware and software resources are granted to users or devices?
access privileges
user rights
access rights
permissions
What type of web server application attacks introduce new input to exploit a vulnerability?
language attacks
cross-site request attacks
hijacking attacks
injection attacks
When an attacker promotes themselves as a reputable third-party advertiser to distribute their malware through Web ads, what type of attack is being performed?
ad squatting
malvertising
ad spoofing
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack?
MITM
blocking
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
HTTP
NSDB
URNS
Where are MAC addresses stored for future reference?
MAC cache
Ethernet cache
ARP cache
NIC
Which of the following are considered to be interception attacks? (Choose all that apply.)
amplification attack
Which SQL injection statement example below could be used to discover the name of the table?
whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
whatever; AND 1=(SELECT COUNT(*) FROM tabname); --
whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
whatever AND email IS NULL; --
whatever; AND email IS NULL; --
whatever" AND email IS NULL; --
whatever' AND email IS NULL; --
Which type of attack below is similar to a passive man-in-the-middle attack?
hijacking
denial
buffer overflow
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.