Chapter Seven Test Review – 401 -SYO

There is an IDS alert on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?
A. A smurf attack
B. A flood guard attack
C. A DoS attack
D. A DDoS attack

A network administrator needs to ensure the company’s network is protected against smurf attacks. What should the network administrator do?
A. Install flood guards
B. Use salting techniques
C. Verify border routers block directed broadcasts
D. Ensure protocols use timestamps and sequence numbers

Which of the following is the BEST method to protect against someone trying to guess the correct PIN to withdraw money from an ATM?
A. Account lockouts
B. Rainbow table
C. Salting
D. Input validation

An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?
A. Rainbow tables
B. MD5
C. Salt
D. Smurf

A user complains that his system is no longer able to access the blogs.getcertifiedgetahead.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user’s hosts file:

    127.0.0.1 localhost
    72.52.230.233 blogs.getcertifiedgetahead.com

What is the BEST explanation for this entry?
A. A pharming attack
B. A whaling attack
C. Session hijacking
D. A phishing attack

Security analysts recently discovered that users in our organization are inadvertently installing malware on their systems after visiting the compia.org website. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?
A. Smurf
B. Typo squatting
C. Fuzzing
D. Replay

An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?
A. Buffer overflow
B. Zero-day attack
C. Fuzzing
D. Session hijacking

Which of the following developer techniques results in significant security vulnerabilities for online web site applications?
A. Buffer overflow
B. XSRF
C. Poor input validation
D. Hardening

An attacker is bypassing client-side input validation by intercepting and modifying data within the HTTP POST command. Which of the following does the attacker use in this attack?
A. Command injection
B. Flash cookie
C. Proxy
D. Exception handling

Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?
A. Displaying a detailed error message but logging generic information of the error
B. Displaying a generic error message but logging detailed information of the error
C. Displaying a generic error message but logging generic information of the error
D. Displaying a detailed error message but logging detailed information of the error

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn’t part of a known application. What is MOST likely occurring?
A. Buffer overflow
B. XSS
C. Cross-site scripting
D. XML injection

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?
A. SQL injection
B. Buffer overflow
C. XML injection
D. Zero-day

Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?
A. The attacker is attempting to overload the system with unexpected data and access memory locations
B. The attacker is attempting to impersonate a user using HTML code
C. The attacker is sending random data into a program to see if the application will crash
D. The attacker is attempting to pass commands to a back-end database server to access data

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?
A. Sniffing
B. Spoofing
C. XSS
D. Pharming

Homer recently received an email thanking him for a purchase noticed a pop-up window, which included the following code:

    <body onload="document.getElementById('myForm').submit()">
    <form id="myForm" action="gcgapremium.com/purchase.php" method="post">
    <input name="Buy Now" value="Buy Now"/>
    </form>
    </body>

What is the MOST likely explanation?
A. XSRF
B. Buffer overflow
C. SQL injection
D. Fuzzing

Which of the following is an attack against servers hosting a directory service?
A. XSS
B. LDAP
C. XSRF
D. Fuzzing

Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?
A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing

A security tester is sending random data to a program. What does this describe?
A. Fuzzing
B. Buffer overflow
C. Integer overflow
D. Command injection

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will test the reliability of this application to maintain availability and data integrity?
A. Secure coding
B. Input validation
C. Error handling
D. Fuzzing

A web developer wants to reduce the chances of an attacker successfully launching XSRF attacks against a web site application. Which of the following provides the BEST protection?
A. Client-side input validation
B. Web proxy
C. Antivirus software
D. Server-side input validation

A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue?
A. XSRF
B. XSS
C. Input validation
D. Fuzzing

Your organization develops web application software, which it sells to other companies for commercial use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the BEST term for this process?
A. Code review
B. Change management
C. Routine audit
D. Rights and permissions review

Your organization develops web application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn’t susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?
A. Input validation
B. Change management
C. Code review
D. Regression testing

You need to periodically check the configuration of a server and identify any changes. What are you performing?
A. Code review
B. Design review
C. Attack surface review
D. Baseline review

You need to reduce the attack surface of a web server. Which of the following is a preventive control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline configuration
C. Using hardware locks
D. Monitoring logs for trends

Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

    ' or '1'='1' --

Which of the following is the MOST likely explanation for this?
A. A buffer overflow attack
B. An XSS attack
C. A SQL injection attack
D. An LDAP injection attack

Looking at logs of a web server, you see the following entry:

    198.252.69.129 -- {1/Sep/2013:05:20} "GET /index.php?username=ZZZZZZZBBBBBCCCCCC HTTP/1.1" "http://gfgapremium.com/security/" "Chrome 31"

Which of the following is the BEST choice to explain this entry?
A. A SQL injection attack
B. A pharming attack
C. A phishing attack
D. A buffer overflow attack

Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don’t have any problems. Which of the following types of attacks could cause this?
A. IV
B. Wireless jamming
C. Replay
D. WPA cracking

While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?
A. Vishing
B. Dumpster diving
C. Shoulder surfing
D. Tailgating

Security administrators are reviewing security controls and their usefulness. Which of the following attacks will account lockout controls prevent? (Choose two)
A. DNS poisoning
B. Replay
C. Brute force
D. Buffer overflow
E. Dictionary

Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?
A. Fuzzing
B. Sniffing
C. Spear phishing
D. Advanced persistent threat

You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
A. DDoS Attack
B. DoS Attack
C. Smurf Attack
D. Salting Attack

Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?
A. Smurf
B. Replay
C. Flood guards
D. Salting

Which of the following lessens the success of dictionary password attacks?
A. Password complexity requirements
B. Account lockout threshold
C. Password hints
D. Enforce password history

You are on a conference call with your developers, Serena and Thomas, discussing the security of your new travel site. You express concern over a recent article describing how user submissions to a web site may contain malicious code that runs locally when others simply read the post. Serena suggests validating user input before following the user submissions. Which problem might validation solve?
A. Cross-site scripting
B. Fuzzing
C. Hardening
D. Patching

The process of disabling unneeded network services on a computer is referred to as what?
A. Patching
B. Fuzzing
C. Hardening
D. Debugging

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?
A. Cross-site scripting
B. Fuzzing
C. Patching
D. Debugging

Roman is developing an application that controls the lighting system in a large industrial complex. A piece of code calls a function that controls a custom-built circuit board. While running his application, Roman’s application fails repeatedly because of unforeseen circumstances. Which secure coding guideline did Roman not adhere to?
A. Packet encryption
B. Digital signatures
C. Error handling
D. Hardening

A network administrator places a network appliance on the DMZ network and configures it with various security thresholds, each of which will notify the IT group via e-mail. The IT group will then adhere to the incident response policy and take action. What will be triggered when any of these thresholds is violated?
A. Alarm
B. Alert
C. Remediation
D. Input validation

IT security personnel respond to the repeated misuse of an authenticated user’s session cookie on an e-commerce web site. The affected user reports that he occasionally uses the site but not for the transactions in question. The security personnel decide to reduce the amount of time an authentication cookie is valid. What type of attack have they responded to?
A. DoS
B. Dictionary
C. Privilege escalation
D. Cross-site request forgery

The periodic assessment of security policy compliance is referred to as what?
A. Remediation
B. Hardening
C. Continuous security monitoring
D. Trend analysis

What is the best definition of the IEEE 802.1x standard?
A. It defines a group of wireless standards
B. It defines the Ethernet standard
C. It defines network access control only for wireless accounts
D. It defines network access control for wired and wireless networks

What can be done to harden the Windows operating system? (Choose three)
A. Disable system restore points
B. Disable unnecessary services
C. Patch the operating systems
D. Configure EFS
E. Disable Group Policy

A network security audit exposes three insecure wireless routers using default configurations. Which security principle has been ignored?
A. Application patch management
B. Device hardening
C. Input validation
D. Principle of least privilege

What will prevent frequent repeated malicious attacks against user account passwords?
A. Minimum password age
B. Password hints
C. Password history
D. Account lockout

After patching and hardening your computers, how would you determine whether your computers are secure?
A. Performance baseline
B. Security templates
C. Penetration testing
D. Password cracking