Question 1

The return address is the only element that can be altered in a buffer overflow attack.

Accepted Answer

In a buffer overflow attack, the return address is just one of the elements that can be altered. Other elements, such as variables and function parameters, can also be manipulated to achieve the attacker's goals.

Question 2

The malicious content of an XSS URL is confined to material posted on a website

Accepted Answer

The malicious content of an XSS URL can affect not only the webpage where it is posted, but also other users who visit that webpage and potentially even other websites that the users visit if the attacker is able to steal cookies or perform other cross-site attacks.

Question 3

What type of additional attack does ARP spoofing rely on?&#10;A)DNS Poisoning&#10;B)replay&#10;C)MITB&#10;D)MAC spoofing

Accepted Answer

ARP spoofing relies on MAC spoofing to send false ARP messages to a network device, allowing the attacker to receive traffic that was meant for another device on the network. The other options (DNS poisoning, replay, and MITB) are types of attacks that can be used in conjunction with ARP spoofing, but they are not the main attack vector.

Question 4

What type of privileges to access hardware and software resources are granted to users or devices?&#10;A)access privileges&#10;B)user rights&#10;C)access rights&#10;D)permissions

Accepted Answer

Access rights refer to the permissions granted to users or devices to access hardware and software resources.

Question 5

Traditional network security devices can block traditional network attacks,but they cannot always block web application attacks.

Accepted Answer

Traditional network security devices like firewalls and intrusion detection/prevention systems are not always effective in blocking web application attacks, which target vulnerabilities in web applications and their delivery mechanisms. Specialized web application firewalls and other security measures are needed to protect against these types of attacks.

Question 6

JavaScript cannot create separate stand-alone applications.

Accepted Answer

JavaScript is primarily a scripting language for web development and runs within a web browser environment. It is not designed to create stand-alone applications without the help of additional tools or frameworks like Electron.

Question 7

What are the two types of cross-site attacks? (Choose all that apply. )&#10;A)cross-site input attacks&#10;B)cross-site scripting attacks&#10;C)cross-site request forgery attacks&#10;D)cross-site flood attacks

Accepted Answer

Cross-site attacks include cross-site scripting attacks (B) and cross-site request forgery attacks (C). Cross-site input attacks (A) and cross-site flood attacks (D) are not commonly recognized types of cross-site attacks.

Question 8

What two locations can be a target for DNS poisoning? (Choose all that apply. )&#10;A)local host table&#10;B)external DNS server&#10;C)local database table&#10;D)directory server

Accepted Answer

DNS poisoning can target the local host table, where DNS information is stored locally on a computer, and external DNS servers, which are responsible for translating domain names into IP addresses for the broader internet.

Question 9

Securing web applications is easier than protecting other systems.

Accepted Answer

This statement is false. Securing web applications can be complex and challenging as they are often accessible from anywhere and can be vulnerable to attacks such as cross-site scripting (XSS), SQL injection, and more. Protecting other systems may have different challenges, but it is not necessarily easier or harder than securing web applications.

Question 10

What language below is used to view and manipulate data that is stored in a relational database?&#10;A)C&#10;B)DQL&#10;C)SQL&#10;D)ISL

Accepted Answer

SQL (Structured Query Language) is used to view and manipulate data that is stored in a relational database. It is a standard language for managing relational databases and is widely used in the industry. The other options (A,C,D) are programming languages and not specifically designed for database management. B is not a commonly used language and is specific to a certain database system.

Question 11

Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?&#10;A)IP spoofing&#10;B)denial of service&#10;C)DNS Poisoning&#10;D)smurf attack

Accepted Answer

The answer of Which type of attack broadcasts a network...

Question 12

What type of attack intercepts communication between parties to steal or manipulate the data?&#10;A)replay&#10;B)MAC spoofing&#10;C)man-in-the-browser&#10;D)ARP poisoning

Accepted Answer

The answer of What type of attack intercepts communication between...

Question 13

XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.

Accepted Answer

The answer of XSS is like a phishing attack but...

Question 14

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?&#10;A)DNS&#10;B)ARP&#10;C)TCP&#10;D)UDP

Accepted Answer

The answer of What protocol can be used by a...

Question 15

In an integer overflow attack,an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.

Accepted Answer

The answer of In an integer overflow attack,an attacker changes...

Question 16

A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.

Accepted Answer

The answer of A DNS amplification attack floods an unsuspecting...

Question 17

A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Accepted Answer

The answer of A buffer overflow attack occurs when a...

Question 18

A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.

Accepted Answer

The answer of A SYN flood attack broadcasts a network...

Question 19

An attack that takes advantage of the procedures for initiating a session is known as what type of attack?&#10;A)DNS amplification attack&#10;B)IP spoofing&#10;C)smurf attack&#10;D)SYN flood attack

Accepted Answer

The answer of An attack that takes advantage of the...

Question 20

When an attack is designed to prevent authorized users from accessing a system,it is called what kind of attack?&#10;A)MITM&#10;B)spoofing&#10;C)denial of service&#10;D)blocking

Accepted Answer

The answer of When an attack is designed to prevent...

Question 21

When TCP/IP was developed,the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:&#10;A)HTTP&#10;B)NSDB&#10;C)URNS&#10;D)DNS

Accepted Answer

The answer of When TCP/IP was developed,the host table concept...

Question 22

What technology expands the normal capabilities of a web browser for a specific webpage?&#10;A)extensions&#10;B)add-ons&#10;C)plug-ins&#10;D)Java applets

Accepted Answer

The answer of What technology expands the normal capabilities of...

Question 23

Which of the following are considered to be interception attacks? (Choose all that apply. )&#10;A)denial of service&#10;B)amplification attack&#10;C)man-in-the-middle&#10;D)replay attacks

Accepted Answer

The answer of Which of the following are considered to...

Question 24

If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain Web traffic to generate income,what type of attack are they using?

A)spoofing
B)URL hijacking
C)Web squatting
D)typo hijacking

Accepted Answer

The answer of If an attacker purchases and uses a...

Question 25

When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads,what type attack is being performed?&#10;A)ad squatting&#10;B)clickjacking&#10;C)malvertising&#10;D)ad spoofing

Accepted Answer

The answer of When an attacker promotes themselves as reputable...

Question 26

Which type of attack below is similar to a passive man-in-the-middle attack?&#10;A)replay&#10;B)hijacking&#10;C)denial&#10;D)buffer overflow

Accepted Answer

The answer of Which type of attack below is similar...

Question 27

Choose the SQL injection statement example below that could be used to find specific users:&#10;A)whatever' OR full_name = '%Mia%'&#10;B)whatever' OR full_name IS '%Mia%'&#10;C)whatever' OR full_name LIKE '%Mia%'&#10;D)whatever' OR full_name equals '%Mia%'

Accepted Answer

The answer of Choose the SQL injection statement example below...

Question 28

Which SQL injection statement example below could be used to discover the name of the table?&#10;A)whatever%20 AND 1=(SELECT COUNT(*)FROM tabname);--&#10;B)whatever' AND 1=(SELECT COUNT(*)FROM tabname);--&#10;C)whatever;AND 1=(SELECT COUNT(*)FROM tabname);--&#10;D)whatever%;AND 1=(SELECT COUNT(*)FROM tabname);--

Accepted Answer

The answer of Which SQL injection statement example below could...

Question 29

What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?&#10;A)ARP poisoning&#10;B)man-in-the-middle&#10;C)denial of service&#10;D)DNS poisoning

Accepted Answer

The answer of What type of an attack is being...

Question 30

What specific ways can a session token be transmitted? (Choose all that apply. )&#10;A)In the URL.&#10;B)In the trailer of a frame.&#10;C)In the header of a packet.&#10;D)In the header of the HTTP requisition.

Accepted Answer

The answer of What specific ways can a session token...

Question 31

What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?&#10;A)pointer hack&#10;B)DNS spoofing&#10;C)clickjacking&#10;D)domain hijacking

Accepted Answer

The answer of What attack occurs when a domain pointer...

Question 32

What type of attack is being performed when multiple computers overwhelm a system with fake requests?&#10;A)DDoS&#10;B)DoS&#10;C)SYN flood&#10;D)replay attacks

Accepted Answer

The answer of What type of attack is being performed...

Question 33

The exchange of information among DNS servers regarding configured zones is known as:&#10;A)resource request&#10;B)zone sharing&#10;C)zone transfer&#10;D)zone removal

Accepted Answer

The answer of The exchange of information among DNS servers...

Question 34

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:&#10;A)Session replay&#10;B)Session spoofing&#10;C)Session hijacking&#10;D)Session blocking

Accepted Answer

The answer of An attack in which the attacker attempts...

Question 35

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?&#10;A)DNS poisoning&#10;B)Phishing&#10;C)DNS marking&#10;D)DNS overloading

Accepted Answer

The answer of How can an attacker substitute a DNS...

Question 36

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?&#10;A)whatever AND email IS NULL;--&#10;B)whatever;AND email IS NULL;--&#10;C)whatever&#34; AND email IS NULL;--&#10;D)whatever' AND email IS NULL;--

Accepted Answer

The answer of Which SQL statement represents a SQL injection...

Question 37

Where are MAC addresses stored for future reference?&#10;A)MAC cache&#10;B)Ethernet cache&#10;C)ARP cache&#10;D)NIC

Accepted Answer

The answer of Where are MAC addresses stored for future...

Question 38

What criteria must be met for an XXS attack to occur on a specific website?&#10;A)The website must accept user input while validating it and use that input in a response.&#10;B)The website must accept user input without validating it and use that input in a response.&#10;C)The website must not accept user input without validating it and use that input in a response.&#10;D)The website must accept user input while validating it and omit that input in a response.

Accepted Answer

The answer of What criteria must be met for an...

Question 39

What type of web server application attacks introduce new input to exploit a vulnerability?&#10;A)language attacks&#10;B)cross-site request attacks&#10;C)hijacking attacks&#10;D)injection attacks

Accepted Answer

The answer of What type of web server application attacks...

Question 40

On a compromised computer,you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts.What type of exploit has occurred?&#10;A)Privilege escalation&#10;B)DNS cache poisoning&#10;C)ARP poisoning&#10;D)Man-in-the-middle

Accepted Answer

The answer of On a compromised computer,you have found that...

Question 41

What are zero-day attacks?

Accepted Answer

The answer of What are zero-day attacks?...

Question 42

How does a buffer overflow attack occur?

Accepted Answer

The answer of How does a buffer overflow attack occur?...

Question 43

What directory are the host tables found in the /etc/ directory in UNIX,Linux,and macOS on a Windows system?

Accepted Answer

The answer of What directory are the host tables found...

Question 44

How does a cross-site request forgery (XSRF)attack work?

Accepted Answer

The answer of How does a cross-site request forgery (XSRF)attack...

Question 45

If a MAC address is permanently &#34;burned&#34; into a network interface card,how can an attacker change the MAC address to perform an ARP poisoning attack?

Accepted Answer

The answer of If a MAC address is permanently &#34;burned&#34;...

Question 46

How is a network-based MITM attack executed?

Accepted Answer

The answer of How is a network-based MITM attack executed?...

Question 47

How does a cross-site scripting (XSS)attack work?

Accepted Answer

The answer of How does a cross-site scripting (XSS)attack work?...

Question 48

What are some of the typical server attacks used by attackers?

Accepted Answer

The answer of What are some of the typical server...

Question 49

Explain how an attacker can use privilege escalation to gain access to a resources that are restricted?

Accepted Answer

The answer of Explain how an attacker can use privilege...

Question 50

What is the basis for domain name resolution of names-to-IP addresses?

Accepted Answer

The answer of What is the basis for domain name...

Deck 5: Networking and Server Attacks