|
What type of attack intercepts communication between parties to steal or manipulate the data? |
C. Man-in-the-browser |
|
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address? |
B. ARP |
|
What type of additional attack does ARP spoofing rely on? |
D. MAC Spoofing |
|
What type of privileges to access hardware and software resources are granted to users or devices? |
C. Access rights |
|
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack? |
C. Denial of service |
|
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim’s computer? |
D. Smurf Attack |
|
An attack that takes advantage of the procedures for initiating a session is known as what type of attack? |
D. SYN flood attack |
|
What language below is used to view and manipulate data that is stored in a relational database? |
C. SQL |
|
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database? |
D. whatever’ AND email IS NULL; — |
|
Choose the SQL injection statement example below that could be used to find specific users: |
C. whatever’ OR full_name LIKE ‘%Mia%’ |
|
Which SQL injection statement example below could be used to discover the name of the table? |
B. whatever’ AND 1=(SELECT COUNT(*) FROM tabname); — |
|
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as: |
C. Session hijacking |
|
Which type of attack below is similar to a passive man-in-the-middle attack? |
A. replay |
|
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service: |
D. DNS |
|
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device? |
A. DNS poisoning |
|
The exchange of information among DNS servers regarding configured zones is known as: |
C. Zone transfer |
|
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred? |
A. Privilege escalation |
|
What type of web server application attacks introduce new input to exploit a vulnerability? |
D. Injection attacks |
|
If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known website in order for the attacker to gain Web traffic to generate income, what type of attack are they using? |
B. URL hijacking |
|
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor? |
D. Domain hijacking |
|
When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads, what type attack is being performed? |
C. Malvertising |
|
What technology expands the normal capabilities of a web browser for a specific webpage? |
A. Extensions |
|
Where are MAC addresses stored for future reference? |
C. ARP Cache |
|
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks? |
A. ARP Poisoning |
|
What type of attack is being performed when multiple computers overwhelm a system with fake requests? |
A. DDoS |
|
What criteria must be met for an XXS attack to occur on a specific website? |
B. The website must accept user input without validating it and use that input in a response. |
Share This
Flashcard
