Deck 3: Application and Networking-Based Attacks
1
Because of the minor role it plays, DNS is never the focus of attacks.
False
2
Which SQL injection statement example below could be used to discover the name of the table?

A)whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --
B)whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
C)whatever; AND 1=(SELECT COUNT(*) FROM tabname); --
D)whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --
B
3
What language below is used to view and manipulate data that is stored in a relational database?

A)C
B)DQL
C)SQL
D)ISL
C
4
XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.
5
Which type of attack below is similar to a passive man-in-the-middle attack?

A)replay
B)hijacking
C)denial
D)buffer overflow
6
Choose the SQL injection statement example below that could be used to find specific users:

A)whatever' OR full_name = '%Mia%'
B)whatever' OR full_name IS '%Mia%'
C)whatever' OR full_name LIKE '%Mia%'
D)whatever' OR full_name equals '%Mia%'
7
The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

A)/var/www
B)C:\Inetpub\wwwroot
C)/var/html
D)C:\wwwroot
8
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

A)Privilege escalation
B)DNS cache poisoning
C)ARP poisoning
D)Man-in-the-middle
9
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
10
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
11
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
12
HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

A)blocks
B)marks
C)taps
D)tags
13
To what specific directory are users generally restricted on a web server?

A)top
B)base
C)root
D)tap
14
What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

A)HTTP header
B)HTML header
C)XML header
D)SSL header
15
Attacks that take place against web-based services are considered to be what type of attack?

A)client-side
B)hybrid
C)server-side
D)relationship
16
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

A)buffer overflow
B)drive-by-download
C)denial of service
D)stack underflow
17
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?

A)whatever AND email IS NULL; --
B)whatever; AND email IS NULL; --
C)whatever" AND email IS NULL; --
D)whatever' AND email IS NULL; --
18
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

A)DNS poisoning
B)Phishing
C)DNS marking
D)DNS overloading
19
The exchange of information among DNS servers regarding configured zones is known as:

A)resource request
B)zone disarticulation
C)zone transfer
D)zone removal
20
Which SQL injection statement can be used to erase an entire database table?

A)whatever'; DROP TABLE members; --
B)whatever'; DELETE TABLE members; --
C)whatever'; UPDATE TABLE members; --
D)whatever'; RENAME TABLE members; --
21
What language below is for the transport and storage of data, with the focus on what the data is?

A)XML
B)HTML
C)SGML
D)SML
22
What language below is designed to display data, with a primary focus on how the data looks?

A)XML
B)HTML
C)SGML
D)ISL
23
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
A form of verification used when accessing a secure web application
24
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
25
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

A)HTTP
B)NSDB
C)URNS
D)DNS
26
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Injecting and executing commands on a server
27
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
28
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
Another name for locally shared object (LSO)
29
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
30
A web browser makes a request for a web page using the ________________.
31
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
32
Ethernet LAN networks utilize the physical _________________ address to send packets.
33
Select below the string of characters that can be used to traverse up one directory level from the root directory:

A);/
B)./
C)%20/
D)../
34
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that corrupts the ARP cache
35
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.
36
The predecessor to today's Internet was a network known as ____________________.
37
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
f. DNS poisoning
g. Flash cookie
h. Ping flood
An attack that injects scripts into a web application server to direct attacks at clients.
38
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
39
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

A)Session replay
B)Session spoofing
C)Session hijacking
D)Session blocking
40
A TCP/IP communication begins with a control message, known as a ________________, to initialize the connection.
Match the following terms to the appropriate definitions.
a. Address Resolution Protocol (ARP)
b. ARP Poisoning
c. Buffer overflow attack
d. Command injection
e. Cross-site scripting (XSS)
41
What is the goal of a directory traversal attack?
42
What is a cookie, and how is it used?
43
In a drive-by download attack, provide an example of how an attacker might avoid visual detection.
44
How does a cross-site scripting (XSS) attack work?
45
List three of the most common Web application attacks.
46
What are zero-day attacks?
47
Explain the HTTP header referrer attack.
48
Describe the two types of privilege escalation.
49
How does ARP poisoning take advantage of the use of ARP?
50
How does a SYN flood attack work?