Module 25 - Web Application Threats - Q&A Flashcards

1
Q
Which of the following web application attacks are caused by compromising a vulnerable web site and uploading malicious code or using malicious links to get a user's sensitive information?
A. CSRF attack
B. XSS attack
C. Injection attack
D. Defacing attack
A

B. An XSS attack is caused by compromising a vulnerable web site and uploading malicious code or using malicious links to get a user’s sensitive information.

2
Q
Which of the following could make a web application vulnerable to an XSS attack? (Choose two.)
A. Weak encryption algorithm
B. Use of Flash, VBScript, or JavaScript
C. Malformed HTML requests
D. Malformed TCP segments
A

B, C. The use of Flash, VBScript, or JavaScript, as well as malformed HTML requests, can be used to create and execute XSS attacks.

3
Q
Which of the following are small files located on a host that contain session information about visited web sites?
A. Cookies
B. .html files
C. Session keys
D. Applets
A

A. Cookies are small files located on a host that contain session information about visited web sites.

4
Q
What types of applications do local shared objects support?
A. Java applets
B. Operating system executable files
C. Microsoft Office content
D. Adobe Flash content
A

D. Local shared objects support Adobe Flash content.

5
Q

All of the following are mitigations against HTML attachment attacks, except:
A. Stripping e-mail attachments containing HTML files
B. Encrypting HTML attachments during transmission
C. Preventing Internet connections from HTML attachments
D. Cautioning users not to click HTML attachments

A

B. Encrypting HTML attachments during transmission does not prevent HTML attachment attacks.

6
Q
Manipulating ____ is one way to embed malicious commands and directives into HTTP traffic sent back and forth between a client and web server.
A. request packets
B. response segments
C. HTTP headers
D. flash cookies
A

C. Manipulating HTTP headers is one way to embed malicious commands and directives into HTTP traffic sent back and forth between a client and web server.
