Ch. 7 Security + NTBLM Questions

Last updated 9:45 PM on 6/30/26

55 Terms

1

What is the primary goal of both Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks?

Resource exhaustion.

2

How does a Distributed Denial-of-Service (DDoS) attack differ from a standard Denial-of-Service (DoS) attack?

It uses two or more computers as the source of the attack instead of one.

3

Which network component's activity typically shows a sustained, abnormally high amount of traffic during a network-based DDoS attack?

The network interface card (NIC).

4

In a reflected DDoS attack, why does the third-party server send unsolicited traffic to the target system?

The attacker sends requests using a spoofed source IP address belonging to the target.

5

Which DDoS variant combines reflection techniques with methods that generate a significantly larger response than the initial request?

Amplified DDoS.

6

In a SYN flood attack, which part of the TCP three-way handshake does the attacker intentionally omit?

The final ACK (acknowledge) packet.

7

What specific state are connections left in on a server targeted by a SYN flood attack?

Half-open.

8

Which form of forgery occurs when an attacker impersonates another entity by changing their source IP address?

IP spoofing.

9

An on-path attack, where an attacker intercepts and modifies traffic between two parties, is also known as a _____ attack.

Man-in-the-middle

10

What is a primary indicator of an on-path attack when using secure connections, such as HTTPS?

The browser displays a warning that the certificate was not issued by a trusted authority.

11

What does SSH issue to the administrator if the host identification (fingerprint) has changed since a previous connection?

A warning indicating the administrator may be connecting to a different computer.

12

Which type of proxy Trojan horse infects web browsers via extensions to capture keystrokes and modify transactions?

Attacker-in-the-browser.

13

What occurs during an SSL stripping attack to make encrypted data readable to an outside attacker?

An HTTPS connection is downgraded to an unencrypted HTTP connection.

14

What is the primary indicator of a DNS poisoning attack?

Users enter a valid URL but are redirected to a different, malicious website.

15

Where does the corruption of the name resolution process occur in a pharming attack?

On the user's local system (such as the hosts file).

16

Which attack involves changing a domain name registration without the owner's permission, often via unauthorized email access?

Domain hijacking.

17

A DNS server that uses filtering to provide incorrect results for malicious domains to prevent computers from reaching them is called a _____.

DNS sinkhole

18

What mechanism do security professionals use to identify which websites an infected system visited based on hostname queries?

DNS log files.

19

Which two protocols use timestamps and sequence numbers to thwart replay attacks?

Kerberos and IPsec.

20

What is the purpose of a replay attack?

To impersonate one of the parties in an original communication session by re-sending captured data.

21

The practice of checking data for validity before an application uses it is called _____.

Input validation

22

Why is server-side input validation considered more secure than client-side validation?

It cannot be easily bypassed by disabling JavaScript or using a web proxy.

23

What term describes a security issue where two or more applications attempt to access a resource at the same time, causing a conflict?

Race condition.

24

In a TOCTOU race condition attack, what does the attacker attempt to do between the 'time of check' and 'time of use'?

Modify the system or file after access is verified but before the legitimate operation is performed.

25

What is the best practice for reporting errors to end-users to prevent information leakage?

Provide only general, generic error messages.

26

Why should detailed error information be logged internally even if it is not shown to the user?

To make it easier for developers to identify the cause of the error and resolve it.

27

What is the purpose of code obfuscation?

To make the code difficult to understand or unreadable to unauthorized parties.

28

How does software diversity provide an added layer of protection against attacks?

An attack that succeeds on one system will fail on another system using a different multicompiled binary.

29

What common best practice prevents unauthorized entities from accessing unencrypted remnants of data after processing is complete?

Flushing memory buffers.

30

Which HTTP header is used to define multiple sources of acceptable content, such as allowed scripts and styles?

Content-Security-Policy (CSP).

31

What security attribute ensures a cookie is only transmitted over secure, encrypted channels?

The 'secure' attribute.

32

Which security measure provides author identification and ensures that code has not been modified using a hash?

Code signing.

33

Which code analysis method examines the code line-by-line without executing it to identify potential vulnerabilities?

Manual code review (a form of static analysis).

34

What is the term for sending random strings of data to an application during dynamic code analysis to look for vulnerabilities?

Fuzzing.

35

What is the primary purpose of sandboxing in software testing?

To test applications within an isolated area to ensure changes do not affect other systems.

36

Which software development stage is used for late-stage testing and provides a complete but independent copy of the production environment?

Staging.

37

In a database table, what are rows sometimes referred to as?

Records or tuples.

38

In a database table, what is the term for a specific column that identifies a data type?

Attribute.

39

What is the primary method an attacker uses to launch a SQL injection attack?

Entering additional data into a webpage form to generate unauthorized SQL statements.

40

Which SQL syntax is commonly used in injection attacks to trick a database server into always returning a 'True' condition?

The clause `' OR 1=1`

41

Which defensive programming technique uses a group of SQL statements that execute as a whole to prevent SQL injection?

Stored procedures.

42

What is the initial indicator that an application is suffering from a memory leak?

The system runs slower and slower until it is rebooted.

43

What occurs when an application receives more input than it expects, potentially exposing system memory?

Buffer overflow.

44

What is the result when an application calculates a numeric value, such as $95 \times 59$, that exceeds the capacity of its reserved memory (e.g., 8-bit)?

Integer overflow.

45

Which attack involves injecting a malicious library into a system's memory and causing it to run within a process?

DLL injection.

46

Which protocol specifies the formats and methods used to query databases of objects like users and computers within a domain?

Lightweight Directory Access Protocol (LDAP).

47

What is the primary indicator of a successful XML injection attack?

The unauthorized creation of unwanted user accounts.

48

Which attack uses navigation commands like ../ to access files outside of the intended web server directory?

Directory traversal.

49

How does 'Stored XSS' differ from 'Reflected XSS'?

The malicious script is saved permanently in a database or location on the web server instead of being triggered by a link.

50

Which security platform can handle simple administrative and cybersecurity tasks without taking up an administrator's time?

Security Orchestration, Automation, and Response (SOAR).

51

What is the goal of automated guardrails in security operations?

To ensure that security best practices are consistently followed throughout an organization.

52

In the context of automation, what does 'Provisioning' refer to?

Automating the process of creating, updating, and removing user accounts and permissions.

53

What is a major drawback of over-reliance on automation and scripting in IT infrastructure?

It can create a single point of failure.

54

What term describes the need to update or replace existing scripts and integrations as automation tools evolve?

Technical debt.

55

Which specific automation use case helps maintain a secure environment by limiting unnecessary access and reducing attack surfaces?

Enabling/disabling services and access.