1/54
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
What is the primary goal of both Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks?
Resource exhaustion.
How does a Distributed Denial-of-Service (DDoS) attack differ from a standard Denial-of-Service (DoS) attack?
It uses two or more computers as the source of the attack instead of one.
"Which network component's activity typically shows a sustained, abnormally high amount of traffic during a network-based DDoS attack?"
The network interface card (NIC).
"In a reflected DDoS attack, why does the third-party server send unsolicited traffic to the target system?"
The attacker sends requests using a spoofed source IP address belonging to the target.
Which DDoS variant combines reflection techniques with methods that generate a significantly larger response than the initial request?
Amplified DDoS.
"In a SYN flood attack, which part of the TCP three-way handshake does the attacker intentionally omit?"
The final ACK (acknowledge) packet.
What specific state are connections left in on a server targeted by a SYN flood attack?
Half-open.
Which form of forgery occurs when an attacker impersonates another entity by changing their source IP address?
IP spoofing.
"An on-path attack, where an attacker intercepts and modifies traffic between two parties, is also known as a _____ attack."
Man-in-the-middle
"What is a primary indicator of an on-path attack when using secure connections, such as HTTPS?"
The browser displays a warning that the certificate was not issued by a trusted authority.
What does SSH issue to the administrator if the host identification (fingerprint) has changed since a previous connection?
A warning indicating the administrator may be connecting to a different computer.
Which type of proxy Trojan horse infects web browsers via extensions to capture keystrokes and modify transactions?
Attacker-in-the-browser.
What occurs during an SSL stripping attack to make encrypted data readable to an outside attacker?
An HTTPS connection is downgraded to an unencrypted HTTP connection.
What is the primary indicator of a DNS poisoning attack?
"Users enter a valid URL but are redirected to a different, malicious website."
Where does the corruption of the name resolution process occur in a pharming attack?
On the user's local system (such as the hosts file).
"Which attack involves changing a domain name registration without the owner's permission, often via unauthorized email access?"
Domain hijacking.
A DNS server that uses filtering to provide incorrect results for malicious domains to prevent computers from reaching them is called a _____.
DNS sinkhole
What mechanism do security professionals use to identify which websites an infected system visited based on hostname queries?
DNS log files.
Which two protocols use timestamps and sequence numbers to thwart replay attacks?
Kerberos and IPsec.
What is the purpose of a replay attack?
To impersonate one of the parties in an original communication session by re-sending captured data.
The practice of checking data for validity before an application uses it is called _____.
Input validation
Why is server-side input validation considered more secure than client-side validation?
It cannot be easily bypassed by disabling JavaScript or using a web proxy.
"What term describes a security issue where two or more applications attempt to access a resource at the same time, causing a conflict?"
Race condition.
"In a TOCTOU race condition attack, what does the attacker attempt to do between the 'time of check' and 'time of use'?"
Modify the system or file after access is verified but before the legitimate operation is performed.
What is the best practice for reporting errors to end-users to prevent information leakage?
"Provide only general, generic error messages."
Why should detailed error information be logged internally even if it is not shown to the user?
To make it easier for developers to identify the cause of the error and resolve it.
What is the purpose of code obfuscation?
To make the code difficult to understand or unreadable to unauthorized parties.
How does software diversity provide an added layer of protection against attacks?
An attack that succeeds on one system will fail on another system using a different multicompiled binary.
What common best practice prevents unauthorized entities from accessing unencrypted remnants of data after processing is complete?
Flushing memory buffers.
"Which HTTP header is used to define multiple sources of acceptable content, such as allowed scripts and styles?"
Content-Security-Policy (CSP).
"What security attribute ensures a cookie is only transmitted over secure, encrypted channels?"
The 'secure' attribute.
Which security measure provides author identification and ensures that code has not been modified using a hash?
Code signing.
Which code analysis method examines the code line-by-line without executing it to identify potential vulnerabilities?
Manual code review (a form of static analysis).
What is the term for sending random strings of data to an application during dynamic code analysis to look for vulnerabilities?
Fuzzing.
What is the primary purpose of sandboxing in software testing?
To test applications within an isolated area to ensure changes do not affect other systems.
Which software development stage is used for late-stage testing and provides a complete but independent copy of the production environment?
Staging.
"In a database table, what are rows sometimes referred to as?"
Records or tuples.
"In a database table, what is the term for a specific column that identifies a data type?"
Attribute.
What is the primary method an attacker uses to launch a SQL injection attack?
Entering additional data into a webpage form to generate unauthorized SQL statements.
Which SQL syntax is commonly used in injection attacks to trick a database server into always returning a 'True' condition?
The clause `' OR 1=1
Which defensive programming technique uses a group of SQL statements that execute as a whole to prevent SQL injection?
Stored procedures.
What is the initial indicator that an application is suffering from a memory leak?
The system runs slower and slower until it is rebooted.
"What occurs when an application receives more input than it expects, potentially exposing system memory?"
Buffer overflow.
"What is the result when an application calculates a numeric value, such as $95 \times 59$, that exceeds the capacity of its reserved memory (e.g., 8-bit)?"
Integer overflow.
Which attack involves injecting a malicious library into a system's memory and causing it to run within a process?
DLL injection.
Which protocol specifies the formats and methods used to query databases of objects like users and computers within a domain?
Lightweight Directory Access Protocol (LDAP).
What is the primary indicator of a successful XML injection attack?
The unauthorized creation of unwanted user accounts.
Which attack uses navigation commands like ../ to access files outside of the intended web server directory?
Directory traversal.
How does 'Stored XSS' differ from 'Reflected XSS'?
The malicious script is saved permanently in a database or location on the web server instead of being triggered by a link.
Which security platform can handle simple administrative and cybersecurity tasks without taking up an administrator's time?
"Security Orchestration, Automation, and Response (SOAR)."
What is the goal of automated guardrails in security operations?
To ensure that security best practices are consistently followed throughout an organization.
"In the context of automation, what does 'Provisioning' refer to?"
"Automating the process of creating, updating, and removing user accounts and permissions."
What is a major drawback of over-reliance on automation and scripting in IT infrastructure?
It can create a single point of failure.
What term describes the need to update or replace existing scripts and integrations as automation tools evolve?
Technical debt.
Which specific automation use case helps maintain a secure environment by limiting unnecessary access and reducing attack surfaces?
Enabling/disabling services and access.