Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

GATECH > DOS-Cybercrimes-PenTesting > Flashcards

DOS-Cybercrimes-PenTesting Flashcards

1
Q

What are the top 5 most common security attacks?

A
  1. Injection, 2 XSS 3 Broken Auth Sessions 4 Insecure Direct Object References 5 Sensitive Data Exposure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Sites on the internent as of 2015
How many sites google quarentines everyday
Malicious sites identified

A

1000000000
100000
30,000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Name the characteristics of a Sandbox

A

Lightweight and easy to set up; data is not saved when application closes; anything changed or created is not visible beyond its boundaries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Name the characteristics of a Virtual Machine

A

Anything changed or created is not visible beyond its borders; machine within a machine; lightweight and easy to set up; disk space must be allocated to the application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following are true?

  • CORS allows cross-domain communication from the browser
  • CORS requires coordination between the server and the client
  • CORS is not widely supported by browsers
  • CORS header can be used to secure resources on a website
A
  • CORS allows cross-domain communication from the browser

- CORS requires coordination between the server and the client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a definition of an origin?

A

A combination of URI scheme, hostname, and port number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following have the same origin to http://www.example.com/dir/page.html ?

A

http: //www.example.com/dir2/page.html
http: //www.example.com/dir2/page.html
http: //username:password@www.example.com/dir2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Type of cookie: Super

A

Cookie within an origin of a top level domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Type of cookie: Zombie

A

Cookie that regenerates after its deleted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Type of cookie: Samesite

A

Cookie that can only be sent in requests originating from the same origin as the target domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Type of cookie: HttpOnly

A

Cookie that can not be accessed via client side apis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Type of cookie: Thirdparty

A

Cookie that belongs to a domain different from the one in the address bar

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Type of cookie: session

A

In-memory cookie; it doesn’t have an expiration date and is deleted when the browser closes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Type of cookie: persistent

A

Cookie that has expiration date and time; also called tracking cookies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Type of cookie: secure

A

A cookie that can only be transmitted over an encrypted connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following are true?

  • Cryptographic hash functions that are not one-way are vulnerable to preimage attacks
  • difficult hash function is one that takes a long time to calculate
  • A good cryptographic hash function should employ an avalanche effect
A
  • Cryptographic hash functions that are not one-way are vulnerable to preimage attacks
  • A good cryptographic hash function should employ an avalanche effect
17
Q

Which events trigger penetration testing?

  • infra is added or modified
  • applications are added or modified
  • end-user policies change
  • security patches are installed
A

All the above

18
Q

Steps of RSA attack

A
  1. Identify 2. Email 3. Executable
19
Q

Match the social engineering training tool with execution:

  • used to determine which users click on links in emails
  • signed Java applet is sent to user; a shell is sent back to the exploit server
  • flash program is created that exploits the server
  • email with attachment is downloaded and makes connection to exploit the server
A

Download connection - email with attachment is downloaded and makes connection to exploit the server

Click logger - used to determine which users click on links in emails

Reverse Shell Applet - signed Java applet is sent to user; a shell is sent back to the exploit server

Flash or CD autoplay - flash program is created that exploits the server

20
Q

Random Scanning

A

each compromised computer probes random addresses

21
Q

Permutation Scanning

A

All compromised computers share a common-pseudo random permutation of the IP address space

22
Q

Signpost scanning

A

Uses the communication patterns of a compromised computer to find new targets

23
Q

Hitlist scanning

A

a portion of the list of targets is supplied to the compromised computer

GATECH (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions