Application Attacks and Security Flashcards

1
Q

An exploit connects to a specific TCP port and presents the attacker with an administrative command prompt. What type of attack is this?

Botnet

Trojan

Privilege escalation

A

Privilege escalation

Privilege escalation occurs when a user gains higher access rights than they should have, either because they were given too many rights or because of a security flaw

2
Q

Which of the following best describes a buffer overflow attack?

Injecting database code via a web page

Using a dictionary file to crack passwords

Sending too much data to an application that allows an attacker to run arbitrary code

A

Sending too much data to an application that allows an attacker to run arbitrary code

A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten and may cause the application to crash or allow arbitrary execution of commands on the target

3
Q

You are analyzing web traffic in transit to your web server, and you notice someone logging on with a username of Bob with a password of `pass' or 1=1--`. Which of the following describes what is happening?

XML injection

SQL injection

LDAP injection

A

SQL injection

A SQL injection attack occurs when the attacker inserts database (SQL) statements into a backend database, via a web site, that manipulates the way the database stores data. In this example, the attacker is trying to bypass the logon by using `pass' or 1=1--` as a password, thus attempting to display all the database records

4
Q

Which of the following is the most likely to mitigate against buffer overflow attacks?

Antivirus software

Firewall ACLs

Patching

A

Patching

Buffer overflow attacks can often be mitigated by ensuring that you keep up-to-date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch. Input validation is also a common mitigation for buffer overflow attacks

5
Q

What type of attack involves the attacker inserting a client-side script into the web page?

XSS

Watering hole

ARP poisoning

A

XSS

Cross-site scripting (XSS) is an attack that involves the attacker inserting script code into a web page so that it is then processed and executed by a client system when a user browses that web page

6
Q

Your manager has read about SQL injection attacks and is wondering what can be done to best protect against them for applications that were developed in-house. What would you recommend?

Patching

Antivirus

Input validation

A

Input validation

A SQL injection attack involves the attacker inserting database code via a web application, where it is not expected. The best countermeasure to this is to have your programmers validate any information (check its accuracy) passed into an application

7
Q

What type of file on your hard drive stores web app preferences and session data?

Cookie

Hosts

LMHOSTS

A

Cookie

A cookie is a text file used by a web browser to store web app preferences and session information. Two cookie flags make it a secure cookie: the HttpOnly flag prevents client-side scripting languages such as JavaScript from reading the cookie, so an XSS attack cannot use it to impersonate the user, and the Secure flag allows the cookie to be transmitted only over HTTPS

8
Q

Which type of vulnerability results from writing data beyond expected memory boundaries?

Pointer dereference

Integer overflow

Buffer overflow

A

Buffer overflow

Buffer overflows result from writing data beyond expected memory boundaries, which can crash a program or allow arbitrary code execution

9
Q

Which application-testing technique is the most likely to uncover improper input handling?

Fuzzing

Overloading

Penetration testing

A

Fuzzing

Fuzzing provides a large amount of input data, even invalid data, to an application in order to observe its behavior; the idea is to ensure that the application is stable and secure with its input and error handling

10
Q

Which programming problem stems from multiple threads not executing in a predictable, sequential pattern?

Blue screen of death

Multi-core CPU throttling

Race condition

A

Race condition

In a race condition, when code is executed by multiple threads, the timing of dependent events is not predictable, and as a result, a different thread can function in an unintended manner. For example, a piece of code may check the value of a variable and take action later, while that variable’s value can change in the interim

11
Q

A piece of malware replaces a library of code used as needed by a controlling program. What name describes this type of security issue?

DLL injection

Pointer dereference

Integer overflow

A

DLL injection

Dynamic-link library (DLL) injections insert code into a DLL, which is called by a program at runtime as needed

12
Q

Which term describes applications that are allowed to run on company computers?

Application approved list

Application block list

Fuzzing

A

Application approved list

Allowed applications are applications that can run on the company’s computer systems. These apps are listed within a policy that applies to computers to control software execution to prevent potentially malicious software from running

13
Q

Jane is the lead security officer for your company and is analyzing web server logs. Jane notices suspicious activity related to navigating the file system on a web server. What type of attack was most likely performed?

Integer overflow

Directory traversal/command injection

Malicious add-on

A

Directory traversal/command injection

Directory traversal, also known as command injection, occurs when the attacker accesses restricted web server directories in order to execute commands found in the operating system of the web server

14
Q

A malicious user deploys a rogue wireless access point that users unknowingly connect to. User traffic is captured, modified, and sent back out on the network in an attempt to send fraudulent user session data. Which type of attack is this?

Replay

Shimming

Refactoring

A

Replay

Replay attacks involve an attacker first capturing packets of interest, possibly manipulating something in the packet, and then sending it back out on the network. This type of attack can be used to gain access to sensitive resources as a valid user by resending authorized access traffic

15
Q

An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?

Cross-site request forgery

Cross-site scripting

Replay

A

Cross-site request forgery

Cross-site request forgeries occur when an attacker tricks a user into executing unwanted actions on a web site she is currently authenticated to

16
Q

After testing revealed security flaws, for quality assurance reasons, a software developer would like to harden a custom database API that accepts user parameters. Which hardening techniques should be used? (Choose two.)

Input validation

HTTPS API access

Elasticity

Autoscaling

A

Input validation

HTTPS API access

Software developers must use input validation as a secure coding method to ensure that user-supplied data is expected and valid. Input validation should occur server-side so that validation code is not exposed or potentially modified client-side. To mitigate API attacks, HTTPS can be used to authenticate and encrypt connections to an API

17
Q

Which type of Public Key Infrastructure (PKI) certificate should software developers use to establish a chain of trust?

Client-side

Wildcard

Code-signing

A

Code-signing

Code-signing certificates are used by script writers and software developers to digitally sign scripts or software files. Devices that trust the certificate issuer will trust files signed by issued code-signing certificates. Software developers must harden their systems to ensure that their software compilers and certificates are not compromised. Compilers are used to convert programming language code to binary machine-readable language

18
Q

Software developers in your company use a centralized code version-control system to track programming code creation, modification, testing, and deployment. You have created automation scripts that are used by this tool to trigger code tests when new code is checked in. Upon successful testing, the code is then packaged and a push notification of the update is sent to mobile app users. Which term best describes this environment?

CI/CD

Input validation

Elasticity

A

CI/CD

Continuous integration and continuous deployment (CI/CD) uses automation to speed up the overall development and delivery of software to interested parties. This can include the monitoring of code check-ins and validating the integrity of code changes through automated testing scripts

19
Q

Which non-profit organization focuses solely on securing web applications?

OWASP

NIST

ISO

A

OWASP

The Open Web Application Security Project (OWASP) is a vendor-neutral non-profit organization whose focus is to provide guidance and free tools that can be used to secure web applications. Tools include web vulnerability scanners and fuzzers, as well as secure programming libraries supporting security features such as input validation through the OWASP Enterprise Security API (ESAPI)

20
Q

Which benefits are derived from the use of database stored procedures? (Choose two.)

Code reuse

Shimming

CI/CD

Database object permissions assignment

A

Code reuse

Database object permissions assignment

Stored procedures are similar to a function or script that can be executed over and over in a database environment. Stored procedures can be assigned permissions to access specific database objects such as tables, and users or database roles are granted the permission to execute stored procedures

21
Q

Your team has been tasked with reviewing the source code for a custom application component to identify and mitigate source code vulnerabilities. Which term best describes the procedure?

Dynamic code analysis

Shimming

Static code analysis

A

Static code analysis

Static code analysis involves reviewing software source code to identify problems such as security vulnerabilities

22
Q

Which type of software programming vulnerability could allow data to be overwritten in memory, thus affecting the stability of the program?

Buffer overflow

XSS

Cross-site request forgery

A

Buffer overflow

A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten, and may cause the application to crash or allow arbitrary execution of commands on the target

23
Q

Which action simulates attacks against a web application?

Normalization

Penetration testing

Obfuscation

A

Penetration testing

Simulating attacks against an IT environment, including web applications, is called penetration testing, or pen testing. This type of testing is used to identify security flaws that can be actively exploited. Pen tests can render a web app unusable and must be executed with the direct permission of the system owner

24
Q

You have configured the expires HTTP header on your web server with a value of -1. What does this mean?

Cache this HTTP response for 1 day.

Do not accept this HTTP response.

Data must be requested before being displayed again.

A

Data must be requested before being displayed again.

The -1 value for an expires HTTP header means expiration is immediate, and caching for this response does not occur; thus, upon reuse, the data will have to be requested from the server. Caching can sometimes be useful to decrease the amount of time it takes to load web page content and reduce the amount of network traffic sent to a web server. On the server side, caching reduces the number of HTTP requests that must be processed by the web server

25
Q

Which HTTP response header is used to require HTTPS connections?

Allow

Expires

HSTS

A

HSTS

The HTTP Strict Transport Security (HSTS) response header requires HTTPS secured web server connections; it prevents downgrade attacks that may attempt to use HTTP

26
Q

Which HTTP response header flags can mitigate XSS attacks and ensure confidentiality over the network? (Choose two.)

X-Frame-Options

HttpOnly

Secure

Expires

A

HttpOnly

Secure

The HttpOnly flag prevents client-side script access to a sensitive cookie; it is accessible only by the server. The Secure flag requires transmission using HTTPS as opposed to the less secure HTTP

27
Q

Which activity can be used to identify and remove dead code?

Dynamic code analysis

Static code analysis

Fuzzing

A

Static code analysis

Static code analysis involves reviewing software source code to identify problems such as security vulnerabilities and existing dead code fragments

28
Q

Which activity is considered to be a form of penetration testing?

Dynamic code analysis

Static code analysis

Fuzzing

A

Fuzzing

Fuzzing provides a large amount of input data, even invalid data, to an application in order to observe its behavior; the idea is to ensure that the application is stable and secure with its input and error handling. It’s commonly used as a black-box software testing technique

29
Q

Your developers must digitally sign scripts before they will be trusted to run on corporate computers. What must be in place before a code-signing certificate can be issued?

PKI

CI/CD

OWASP

A

PKI

A PKI is a hierarchy of security certificates used to secure computing environments, such as through disk encryption and network authentication and encryption. Developers can use it to sign their source code to ensure that anyone who downloads it is able to confirm the validity of the code

30
Q

Which of the following security terms is the most closely related to memory management?

Race condition

Cross-site scripting

Buffer overflow

A

Buffer overflow

A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten, and may cause the application to crash or allow arbitrary execution of commands on the target

31
Q

What can be done to mitigate XSS attacks?

Install a device PKI certificate.

Enable the use of stored procedures.

Block the use of web browser client-side scripting languages.

A

Block the use of web browser client-side scripting languages.

An XSS attack involves the attacker inserting script code into a web page so that it is then processed and executed by the client web browser once the user accesses the web page. If the target client web browser blocks languages such as JavaScript from executing in the web browser, the attack is mitigated because the code does not execute