20 Cards in this Set

An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?


A. A smurf attack


B. A flood guard attack


C. A DoS attack


D. A DDoS attack

Correct Answer: D. A distributed denial-of-service (DDoS) attack causes spikes in network traffic as multiple systems attempt to connect to a server and deplete the target's resources. A smurf attack is an attack using directed broadcasts, and this might be a smurf attack if routers aren't blocking directed broadcasts, but it could also be another type of DDoS attack. Flood guards protect against SYN flood attacks, and flood guards are not an attack method. A DoS attack comes from a single system.

A network administrator needs to ensure the company's network is protected against smurf attacks. What should the network administrator do?


A. Install flood guards.


B. Use salting techniques


C. Verify border routers block directed broadcasts


D. Ensure protocols use timestamps and sequence numbers.

Correct Answer: C. Smurf attacks are blocked by preventing routers from passing directed broadcasts, especially border routers with direct access to the Internet. Flood guards protect against SYN (synchronize) flood attacks. Salting techniques add additional characters to passwords to thwart brute force attacks. Timestamps and sequence numbers are useful to protect against replay attacks, but not smurf attacks.

Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?


A. Smurf


B. Replay


C. Flood guards


D. Salting

Correct Answer: B. Timestamps and sequence numbers act as countermeasures against replay attacks. Blocking directed broadcasts prevents smurf attacks. Flood guards protect against SYN (synchronize) flood attacks. Salting protects against brute force attacks on passwords.

Which of the following is the BEST method to protect against someone trying to guess the correct PIN to withdraw money from an ATM?


A. Account locked


B. Rainbow table


C. Salting


D. Input validation

Correct Answer: A. Account lockout policies help prevent brute force attacks by locking the account after an incorrect password or personal identification number (PIN) is entered too many times. This prevents someone from hacking into an account by guessing. A rainbow table is a type of attack. Salting passwords prevents some offline brute force attacks by adding characters to passwords before hashing them. Input validation prevents attacks such as buffer overflow and cross-site scripting, but wouldn't help here because an attacker guessing PINs is entering valid data.

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?


A. Rainbow tables


B. MD5


C. Salt


D. Smurf



Correct Answer: C. A password salt is additional random characters added to a password before hashing the password, and it decreases the success of password attacks. Rainbow tables are used by attackers and contain precomputed hashes. Message digest 5 (MD5) is a hashing algorithm that creates hashes, but the scenario already states that passwords are hashed. Smurf is a type of attack using a directed broadcast and is not related to passwords.

A user complains that his system is no longer able to access the blogs.getcertifiedgetahead.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file:


127.0.0.1 localhost


72.52.230.233 blogs.getcertifiedgetahead.com




What is the BEST explanation for this entry?


A. A pharming attack


B. A whaling attack


C. Session hijacking


D. A phishing attack



Correct Answer: A. A pharming attack attempts to redirect users from one web site to another web site. Although this is often done using DNS poisoning, it can also be done by rewriting the hosts file in a user's system. The 127.0.0.1 localhost entry is the default entry in the hosts file, and the second entry redirects the user to a different site. Whaling is a phishing attack that targets high-level executives. In session hijacking, an attacker records a user's credentials and uses them to impersonate the user. Phishing is the practice of sending email to users with the purpose of tricking them into revealing personal information (such as bank account information).

Security analysts recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the comptai.org web site. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?


A. Smurf


B. Typo squatting


C. Fuzzing


D. Replay

Correct Answer: B. Typo squatting (or URL hijacking) uses a similar domain name to redirect traffic. In this scenario, the last two letters in CompTIA are swapped in the malicious domain name, and that site is attempting to download malware onto the user systems. A smurf attack is unrelated to web sites. Fuzzing tests an application's ability to handle random data. A replay attack attempts to replay data with the intent of impersonating one of the parties.



An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?


A. Buffer overflow


B. Zero-day attack


C. Fuzzing


D. Session hijacking

Correct Answer: B. A zero-day attack takes advantage of an undocumented exploit or an exploit that is unknown to the public. A buffer overflow attack sends unexpected data to a system to access system memory or cause it to crash. Although some buffer overflow attacks are unknown, others are known. If the server isn't kept up to date with patches, it can be attacked with a known buffer overflow attack. Fuzzing sends random data to a system and can detect buffer overflows and zero-day attack methods, but the scenario doesn't indicate the user is sending random data. Session hijacking takes over a user's session and isn't related to an attack on a server.

Which of the following developer techniques results in significant security vulnerabilities for online web site applications?


A. Buffer overflow


B. XSRF


C. Poor input validation


D. Hardening

Correct Answer: C. Poor input validation often causes security vulnerabilities and can lead to major losses when exploited. Buffer overflow and cross-site request forgery (XSRF) are attacks that can be mitigated by input validation. They are not techniques used by developers. Hardening both operating systems and applications helps make them more secure from security vulnerabilities.

An attacker is bypassing client-side input validation by intercepting and modifying data within the HTTP POST command. Which of the following does the attacker use in this attack?


A. Command injection


B. Flash cookie


C. Proxy


D. Exception handling

Correct Answer: C. An attacker can use a web proxy to intercept the HTTP POST command. The attacker then modifies the data in the command and sends it to the web site. Command injection is a type of client-side injection attack that input validation thwarts. Flash cookies are used by Adobe Flash applets, but are not used to bypass input validation. Exception handling catches errors, allowing applications to handle them gracefully.

Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?


A. Displaying a detailed error message but logging generic information on the error.


B. Displaying a generic error message but logging detailed information on the error.


C. Displaying a generic error message and logging generic information on the error.


D. Displaying a detailed error message and logging detailed information on the error.

Correct Answer: B. You should display a generic error message but log detailed information on the error. Detailed error messages to the user are often confusing to them and give attackers information they can use against the system. Logging generic information makes it more difficult to troubleshoot the problem later.

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn't part of a known application. What is MOST likely occurring?


A. Buffer overflow


B. XSS


C. Cross-site scripting


D. XML injection

Correct Answer: A. Buffer overflow attacks often cause an application to crash and expose system memory. Attackers then write malicious code into the exposed memory and use different techniques to get the system to run this code. None of the other attacks inserts malicious code into memory. Attackers attempt to embed HTML or JavaScript code in cross-site scripting (XSS) attacks, often to read cookies on a user's system. Extensible Markup Language (XML) injection attacks attempt to access or modify XML formatted data.

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?


A. SQL injection


B. Buffer overflow


C. XML injection


D. Zero-day



Correct Answer: B. Buffer overflow attacks include a series of no operation (NOP) commands, such as hexadecimal 90 (x90). When successful, they can crash applications and expose memory, allowing attackers to run malicious code on the system. SQL injection attacks and Extensible Markup Language (XML) injection attacks do not use NOP commands. Zero-day attacks are unknown or undocumented, but attacks using NOP commands are known.

Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?


A. The attacker is attempting to overload the system with unexpected data and access memory locations.


B. The attacker is attempting to impersonate a user using HTML code.


C. The attacker is sending random data into a program to see if the application will crash.


D. The attacker is attempting to pass commands to a back-end database server to access data.

Correct Answer: D. In a SQL injection attack, an attacker attempts to inject SQL commands into a query to access or manipulate data on a back-end database. A buffer overflow attack attempts to overload a system with too much data or unexpected data in an attempt to access system memory. A cross-site request forgery (XSRF) attack attempts to impersonate a user with HTML code. Fuzzing is a testing technique that sends random data into an application to see if the application can handle it.

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?


A. Sniffing


B. Spoofing


C. XSS


D. Pharming

Correct Answer: C. A cross-site scripting (XSS) attack can be blocked by using input validation techniques to filter special characters such as the < and > characters used in HTML code. None of the other attacks requires the use of special characters. Sniffing captures data with a protocol analyzer. Spoofing hides the identity of the original entity. Pharming redirects a user from one web site to another web site.

Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:


<body onload="document.getElementById('myForm').submit()">
<form id="myForm" action="gcgapremium.com/purchase.php" method="post">
<input name="Buy Now" value="Buy Now"/>
</form>
</body>


What is the MOST likely explanation?


A. XSRF


B. Buffer overflow


C. SQL injection


D. Fuzzing

Correct Answer: A. A cross-site request forgery (XSRF) attack causes users to perform actions without their knowledge. This scenario indicates the user visited a web site, most likely through a malicious link, and the link initiated a purchase. None of the other attacks cause unsuspecting users to make purchases. A buffer overflow attacks a web site and attempts to access system memory. A SQL injection attack attempts to access data on a database server. Fuzzing sends random data to an application to test its ability to handle the random data.

Which of the following is an attack against servers hosting a directory service?


A. XSS


B. LDAP


C. XSRF


D. Fuzzing

Correct Answer: B. A Lightweight Directory Access Protocol (LDAP) injection attack attempts to access data on servers hosting a directory service, such as a Microsoft domain controller hosting Active Directory. Cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks attack web servers, not directory service servers. Fuzzing sends random data to see if the application can handle it, but it doesn't necessarily target servers hosting a directory service.

Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server is encrypted. Which of the following represents the GREATEST risk to the data on the server?


A. Theft of the database server


B. XML injection


C. SQL injection


D. Sniffing

Correct Answer: C. A SQL injection attack allows an attacker to send commands to the database server to access data. Encryption protects it on the server and in transit, but the web server can decrypt it. Because the data in the database server is encrypted, theft of the server isn't a significant risk. There aren't any indications that the database server is replying with Extensible Markup Language (XML) data, so an XML injection attack isn't a risk. Because data is encrypted while in transit, sniffing isn't a significant risk.

A security tester is sending random data to a program. What does this describe?


A. Fuzzing


B. Buffer overflow


C. Integer overflow


D. Command injection

Correct Answer: A. Fuzz testing, or fuzzing, sends random data to an application with the purpose of testing the application's ability to handle the random data. In some cases, fuzzing can discover buffer overflow and integer overflow vulnerabilities, but just sending random data doesn't necessarily cause buffer overflows or integer overflows. Command injection attacks send specific commands, not random data.

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will test the reliability of this application to maintain availability and data integrity?


A. Secure coding


B. Input validation


C. Error handling


D. Fuzzing

Correct Answer: D. Fuzzing can test the application's ability to maintain availability and data integrity for some scenarios. Fuzzing sends random data to an application to verify the random data doesn't crash the application or expose the system to a data breach. Secure coding practices such as input validation and error- and exception-handling techniques protect applications, but do not test them.