Open Systems Interconnection (OSI) and TCP/IP Security-Security Threats


Description and Tags

required on OA


11 Terms

1
SQL Injection Attack
Security solution: Leverage a reverse proxy system and scan incoming packets for malicious behavior.
OSI Layer: Application (7)
2
Man-in-the-Middle Attack
Security solution: Mitigate by using an application-layer proxy or an IPS, and train users about fake security certificates.
OSI Layer: Presentation (6)
3
RPC Attack
Security solution: Mitigate with regular OS and application patching.
OSI Layer: Session (5)
4
Port Scanner
Security solution: Mitigate by using a packet-filtering firewall.
OSI Layer: Transport (4)
5
Ping Sweep Attack
Security solution: Mitigate by using a packet-filtering firewall.
OSI Layer: Network (3)
6
VLAN Hopping
Security solution: Configure the VLAN tagging per the switch vendor’s recommendation.
OSI Layer: Data Link (2)
7
Wiretapping
Security solution: Look for physical vulnerabilities, check the locks on doors, racks, and wiring closets.
OSI Layer: Physical (1)
8
A security analyst is testing the security of an organization’s website by placing a script directly into a search box. Which level of the OSI model is the analyst addressing?
Layer 7
9
Which Transport layer protocol is best suited for streaming audio and video?
User Datagram Protocol (UDP)
10
A security analyst is tasked to test a website for OSI Layer 7 vulnerabilities. The first test is to see if the fields on the website will execute code on the database server integrated with the site. The analyst types some text into the "email" box in a web form:

admin' or '1'='1

The web application responds with the following message:

Invalid Email Format.

You have an error in your syntax; check the manual that corresponds to your database server version for the right syntax to use near 'in' at line 1.

Which type of exploit is this analyst assessing for?
SQL injection attack