GFACT Certification Exam

studied byStudied by 61 people
0.0(0)
get a hint
hint

(B2, Pg122) What does it mean when a computer program is "multi-threaded"?

A) It calls multiple external libraries

B) It has multiple serial number for different users

C) It can run multiple chunks of code concurrently

D) It has multiple functions defined in the program

1 / 159

encourage image

There's no tags or description

Looks like no one added any tags here yet for you.

160 Terms

1

(B2, Pg122) What does it mean when a computer program is "multi-threaded"?

A) It calls multiple external libraries

B) It has multiple serial number for different users

C) It can run multiple chunks of code concurrently

D) It has multiple functions defined in the program

It can run multiple chunks of code concurrently

2

(B3, Pg162) Which of the following is a common result of a reflected cross-site scripting attack?

A)Tricking a user into making an authenticated transaction B)Sending a website user's session cookie to an attacker C) Embedding the attacker's malware in web application source code D) Stealing password hashes from a website's back end database

HINT It may be under the session guessing section, but if you read further into it, you will see where it mentions XSS attack.

Sending a website user's session cookie to an attacker

3

(B3, Pg90) What tool can be used to fingerprint the operating system of a host?

A)netstat B)dig C)nslookup D)nmap

Nmap

4

(B3, Pg151) What type of vulnerability is illustrated where there is code in the web page?

A)File Inclusion B) Clickjacking C)Cross-Site Scripting D) SQL injection

HINT While it doesn't exactly say "code in the web page", it mentions how you can sometimes view a page that looks like PHP code and how that code can gain you access to the access logs of the server.

File Inclusion

5

(B3, Pg88-89) An alert indicates that a compromised host was used by an attacker to run the command below. What was the attacker attempting to do?

$ nmap -sS 192.168.10.0/24

A)Map a network drive to a remote host B)Identify services running on network hosts C)Execute a script on a remote host D)Send Spoofed packets to network hosts

Identify services running on network hosts

6

What type of artifact can a blue team member use to identify the name that is associated to the file?

A)Metadata B)Windows security logs C)Prefetch D)File Ownership

Metadata

7

(B3, Pg307-308) What is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run considered to be?

A)Domain Name B)Log File Path C) Registry Key D) Yo Mama's Number

A Registry Key

8

(B1, Pg236) If a user agent is used, where would it be found in the HTTP Protocol?

A)In the response header B)In the response body C)Delimited by an h1 tag D) In a GET Request

In a GET Request

9

What benefit does moving from local logging to using a log server provide organizations?

A) Enables the use of network intrusion detection systems (NIDS) B) Harder for attackers to overwrite logs C) Attackers will have to pivot through an extra server to infiltrate the network D)Less complex logging infrastructure

Harder for attackers to overwrite logs

10

(B3, Pg187) What is the only way to mitigate an integer overflow/underflow?

A) Takin the absolute value of negative results prior to running the equation B) Checking that the result of any change to a signed integer falls within an allowed range C) Randomizing salt values prior to hashing user content D) Sanitizing user input to block special characters from being entered

Checking that the result of any change to a signed integer falls within an allowed range

11

(B2, Pg17) Which Variable name will cause Python to produce an error?

A)2nd_phone_number B)LASTNAM_ C)streetAddress D)_firstname

HINT You can start a variable name with a letter or an underscore, but NOT WITH A NUMBER!

2nd_phone_number

12

What is the following command attempting to accomplish in Kali Linux?

dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt

A)Search for subdomains based upon the wordlist provided B) Check for users based on the wordlist provided C)Run checks on the applications based on the wordlist provided D)Call yo mama

Search for subdomains based upon the wordlist provided

13

(B3, Pg121) How do you remove data from a Solid State Drive?

A) Destroy it B) Place Magnets upon it C) Snap it D) Yo mama sit on it

Destroy it

14

(B3, Pg56) Where are the wordlists located in Kali?

A)/var/opt/wordlists B)/etc/default/wordlists C)/etc/security/wordlists D)/var/adm/wordlists E)/usr/share/wordlists

/usr/share/wordlists

15

(B1, Pg174) What is the outcome of the command below?

ps aux | grep -i sshd | grep root

A) Enabling logging for all root logins for the ssh service B)Terminating the secure shell service C)List of secure shell processes running under the root user D)Starting up the ssh service as the root user

List of secure shell processes running under the root user

16

When would a security analyst create a "TCP Socket" in a Python Program?

A) When scanning the host computer for malicious software B) When creating a script to run against a network service C) When collecting information about the host computer's hardware D) When the host is running network services in the background during Python program execution

When creating a script to run against a network service

17

(B2, Pg180) What is used to access the address of a variable in the C Programming Language?

A) &stuff B) *stuff C) {stuff} D) [stuff]

&stuff

18

(B1, Pg134) What does the home folder contain?

A) User Directories for every user on the system excluding the root user B)Yo Mama C)All of the directories on a system D) Only the Guest directories on a system

User Directories for every user on the system excluding the root user

19

(B2, Pg285) What does the Local Users Management Console do?

A)Create users within Windows B) Create groups within Windows C) Yo Mama (insert giggle) D) Change your password

Create users within Windows, create groups within Windows, Change your password

20

(B1, Pg83) What kind of storage system are in USB's?

A)exFAT B)FAT32 C)NTFS D)HFS Plus

exFAT

21

(B2, Pg294) When a new File is created what permissions are inherited?

A) Parent Folder B) You set them when you open the folder C) Root Permissions D) Default File Permissions

Parent Folder

22

(B1, Pg211-212) What command will generate a makefile that is tuned to the system that it is installed to?

A)source makefile.am B)source configure.in C) ./install-sh D) ./configure

./configure

23

(B3, Pg179-180) What might a captcha do to a scanner?

A) Redirect the scanner to the same page in a loop B) Proceed to the website as per normal C) Shut the scanner down D) Lock you out of the website

Redirect the scanner to the same page in a loop

24

(B1, Pg100) The user starts Microsoft Word and clicks File | Open. What does word do as a result?

A) Generates a software interrupt B) Loads the kernel C) Opens the appropriate output HID D) Yo Mama

Generates a software interrupt

25

(B3, Pg84) What attack is being attempted by the command shown below?

root@kali: ~/target# dirb https:www.sans.org /usr/share/wordlists/dirb/small.txt

A) Dictionary attack against known user accounts on a website B) Dictionary attack against unknown user accounts on a website C) Search for valid accounts using a wordlist against a website D) Search for directories not linked to public areas of a website

Search for directories not linked to public areas of a website

26

Where is the data from the GDB output shown in the image stored on the host?

A) Master Boot Record B) BIOS C) CPU D) Random Access Memory

CPU

27

(B2, Pg369) What command is used to generate lists of images that are stored locally and provides arguments for handling them?

A) docker images B) docker pull C) docker run D) vi Dockerfile E) docker ps

docker images

28

What is the significance of the items listed in pwbdbg's backtrace?

A) They are all of the functions called up to this point B) They are functions currently loaded in the CPU cache C) It is a list of functions that are about to be called D) They are pointed to by the GLOBAL_OFFSET_TABLE

They are all of the functions called up to this point

29

(B3, Pg340) Which packet header field characteristic is a strong indicator of data exfiltration?

A) TCP Packets in a session with varying message data sizes B) ICMP echo requests with varying data field sizes C) UDP packets with invalid checksums D) Yo mama

ICMP echo requests with varying data field sizes

30

(B3, Pg108) During which stage of incident response should the adequacy of policies be examined?

A) Lessons learned B) Eradication C) Recovery

Lessons Learned

31

(B3, Pg21) What is a way to check the symmetric or asymmetric encryption?

A) The Website's SSL certificate B) The Public Key C) The Private Key D) Yo Mama

The Website's SSL certificate

32

Which of the follow C:\Windows\System32 subdirectories may provide stored credentials from unattended installs?

A) Restore B) Boot C) Sysprep D) Dism

Sysprep

33

(B2, Pg292) Which of the following is one of the four User Account Control (UAC) settings on a Windows system?

A) Access this computer from the network B) Full control C) Run as Administrator D) Always notify

Always notify

34

(B1, Pg236) What HTTP protocol request asks a web server to retrieve metadata without the data?

A) PUT B) HEAD C) GET D) POST

HEAD

35

(B1, Pg132) What command will change your directory to the current home folder?

A) cd ~ B) cd .. C) cd // D) cd Yo Mama

cd ~

36

What does the home folder contain?

A) The user directories for every user other than the root B) All directories under the Windows machine C) The specific user's directory D) Yo Mama

The user directories for every user other than the root

37

Examine the list from a Python program below. Which statement will display Oregon?

PNW_states = [ 'Washington' , 'Oregon' , 'Idaho' , 'Montana' , 'Wyoming' ]

A) print(PNW_states[2]) B) print(PNW_states(2)) C) print(PNW_states[1]) D) print(PNW_states[0][2])

print(PNW_states[1])

38

If you run the command "Python" on a Linux system where it is installed, what will happen?

A)Python will list all currently installed libraries and modules B) The computer will run Python in the background upon reboot C) The operating system will prompt you for a Python code file to open D) An interactive console will open for writing simple Python code

An interactive console will open for writing simple Python code

39

A Web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated?

A) Local file inclusion B) Cross site request forgery C) Drive-by downloads D) Command injection

Cross site request forgery

40

(B2, Pg40) In the Python programming language, case_stats, shown below, is which of the following?

Imagine a picture here OR go to B2, Pg40 for reference

A) Dictionary B) Tuple C) Array D) List

Dictionary

41

Which of the following is the name given to the behaviors that objects have in object oriented programming?

A) Methods B) Functions C) Modules D) Procedures

Methods

42

Which of the following services would be a target for privilege escalation?

1: Microsoft Office Click-to-Run Service "C:\Program Files\Common Files\ Microsoft Shared\ClickToRun\OfficeClickToRun.exe" 2: CodeMeter Runtime Server C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe 3: TP AutoConnect Service "C:\Program Files\VMWare\VMware Tools\TPAutoConnsvc.exe" Manual

A) Microsoft Office Click To Run Service B) CodeMeter Runtime Server C) TP AutoConnect Service D) Yo Mama

CodeMeter Runtime Server

43

In both the TCP handshake and teardown, the ACK number increases by one. How much data is being sent?

A) Zero bytes B) Two bytes C) One byte D) Three bytes

Zero bytes

44

(B1, Pg340-341) What can an Apache server administrator do to prevent version information from leaking?

A) Run Apache as a non-root user B) Enable HTTPS C) Set permission on /var/www/html to 700 D) Disable the banner

Disable the banner

45
(B2, Pg351) When debugging a program with pwngdb what is the significance of the s in x/s 0x80484ef command shown in the command below:

pwndbg> x/s 0x80484ef
0x80484ef

Identifies the output format for data at address ox80484ef

46

(B2, Pg11) What is it called when a user makes a change to the master code in a Git repository?

A) Pull B) Clone C) Branch D) Commit

Commit

47

(B3, Pg168) A GIAC administrator has configured their company's web server to send an X-Frame-Options header in every request to an HTTP page. The admin has configured the option to use the values DENY,SAMEORGIN, or ALLOW-FROM. What attack is the administrator addressing with the techniques described above?

A) SQL injection B) Cross-Site request forgery C) Cross-Site scripting D) Directory traversal E) Clickjacking

Clickjacking

48

(B3, Pg158) How do prepared statements help prevent SQL injection attacks?

A) Query parameters are sent in the body of a POST request B) Queries are appended with an authorization token C) Query language is kept separate from user supplied data D) Queries submitted by users are HTML entity encoded

Query language is kept separate from user supplied data

49

(B1, Pg 236) If the user agent is used, where would it be found in the HTTP protocol?

A) In the response body B)In the response header C) Delimited by an h1 tag D) In a GET Request

In a GET Request

50

(B3, Pg170) A web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated?

A)Local file inclusion B) Cross Site request forgery C)Drive-By downloads D) Command injection

Cross Site request forgery

51

(B3, Pg142) Which exploit takes advantage of a web-page field that does not validate input?

A) Session hijacking B) Command injection C)Password cracking D) Steganography

Command injection

52

Which computer component manages ongoing access to a computer's shared RAM and drive storage resources?

A)Memory Registers B)BIOS C)Kernel D)Bootloader

Kernel

53

(B2, Pg285-286) What Windows configuration utility can be used by a local administrative user to create an account which requires the password to be reset upon first login?

A) Dynamic Host Configuration Protocol B) Family & Other People Control Panel C) Local Users Management Console D) User Account Control (UAC)

Local Users Management Console

54

(B1, Pg100) When is a software interrupt issued by a computer?

A) When a user switches from one visible program to another in the GUI B) When power is suddenly cut off the CPU C) When a user has not taken action in a pre-specified amount of time D) When a new event occurs that requires attention from the processor

When a new event occurs that requires attention from the processor

55

(B2, Pg368) Which of the following can best be described as a recipe for building Docker containers?

A) Operating System B) Daemon C) Hub D) Image

Image

56

What is interesting to be an attacker about the program below?

-rwsr-xr-x 1 root root 44k May 7th 2014 /bin/ping

A)The program will be run with root permissions B) The program can only be saved by the root user C)The program will create a tunnel to the remote host D) Yo mama

The program will be run with root permissions

57

(B1, Pg128) What is the result of the following Linux command?

sudo find /etc -exec sh -i /;

A)Updating files in /etc with sh B)Listing executable file in /etc C) Gaining a shell with root access

Gaining a shell with root access

58

Consider the TCP communication between two computers shown below. What will computer A do following Computer B's response?

Computer A sends 20 bytes of data Computer B responds with Computer A's acknowledgment number + 15

A)Send a FIN packet to close the connection B) Send the missing five bytes C)Resend the entire packet D)Ask computer B what bytes are missing

Resend the entire packet

59

A user adds a new directory to a Linux system's $PATH environment variable, #export $PATH=$PATH:new_dir. What action will cause the updated $PATH variable change back to the original value?

A)Closing and re-opening the terminal B)Running the command "rm $PATH" C) Echoing the $PATH to /dev/null

Closing and reopening the terminal

60

When a program runs on a computer, it temporaily loads code into memory that contains information about the program. The code is deleted when the program is closed. What is the instance of this code called?

A) Process B) Kernel C) BIOS D) Application

HINT Every time you run a program on your computer, a "BLANK" is created in memory. When you close the program, the "BLANK" is killed.

Process

61

(B3, Pg169) What is a requirement for cross-site request forgery to work?

A) The victim must be authenticated with the target site B) The Attacker must have root privileges on the victim's system C) The victim must be a member of the IIS_USER group D) The attacker must steal the victim's cookie

HINT CSRF involves an authenticated user clicking on a link that an attacker plants. This link will cause the victim's browser to perform an action using their authenticated credentials.

The victim must be authenticated with the target site

62

(B1, Pg144) Which of the following commands will set or modify an environment variable?

A) export B)grep C)nano

HINT The "Blank" command is used to set or modify an environmental variable.

export

63

(B1, Pg135) In which directory are Linux logs generally found?

A)var B)bin C)boot D)mnt

HINT The "blank" folder contains system files that tend to increase in size over time (hence it's a "blank" size folder). Things like log files, the mail directory, and so on, go here.

var

64

What type of exploit is described below?

CVE-2019-9874: Deserialization of Untrusted Data in the Sitecore.Security.AnitCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

A) RCE B) Heap corruption C) Information disclosure D) Buffer over-read E) File Inclusion F)SQLi

HINT "Blank" bugs allow an attacker to achieve "arbitrary code execution." This, in effect, allows them to assume control of a target system. They can come in many flavors but are often seen as the most high-risk category of attack.

RCE

65

(B3, Pg202) Which buffer overflow mitigation places a value before the return pointer in the stack?

A) Canary B) Parameterized query C) Random session token D) Format String

HINT The stack "blank" is a value that sits before the return pointer in the stack. When the program's execution hits the return instruction, before the return pointer is loaded into EIP, the value of the stack "blank" is checked. If it has been overwritten, then the program terminates because the CPU then knows that something dodgy was going on, since the value of the stack "blank" which shouldn't have changed has changed. The stack "blank" can usually be bypassed by finding out the value the "blank" is expected to be and overwriting it with the same value. Sometimes this is made harder by a stack "blank" that contains null byte values since many functions which read user input in C will stop reading more data as soon as they see a null byte. It doesn't make it impossible to bypass, however.

Canary

66

(B1, Pg128) Which Linux command will allow a user to run a command with escalated privileges using their own password?

A)sudo B)bash C)su D)which

HINT The "blank" program will allow a user to temporarily take on the privileges of the root account to run a command and then it will drop user privilege level back down to your normal account levels after the command runs. The way "blank" works is there is a configuration file called "sudoers" file, which basically a list of which accounts are allowed to do what with superuser privileges (and only root can edit it). When a user wants to run a command with privileges, they append "blank" before the command. They will then be prompted for their normal account password (not the root password), and then the command will run with super user privileges.

sudo

67

(B3, Pg22) Which of the following is a form of one-way encryption?

A) Hashing B)Symmetric C)Substitution D)Asymmetric

HINT "Blank" is a third form of encryption, but its uses are a bit more niche. The third form of encryption is called hashing: a form of one-way encryption. That means, once data is encrypted, the process can not be reversed to go from the encrypted data back to the plaintext.

There are some properties of hashing that make it incredibly useful. The same plain text put through the same hashing algorithm will always produce the same encrypted data. However, if even one bit of the plaintext is changed, the resulting hash will be completely different. Similarly, with a good hashing algorithm, two different pieces of plaintext can not work out to the same hash

Hashing

68

(B3, Pg70-71) What is the name of the file that a web server uses to tell search engines to avoid certain locations?

A)robots.txt B)my.conf C)index.html D)admin.php

HINT This file can be used by web servers to direct well behaved crawling bots to avoid certain web pages hosted on the server. my. conf if a mysql configuration file. index.html is generally the first page or landing page for a site. admin.php could be an administrative page for the website but does not direct bots to bypass certain pages.

robots.txt

69

(B3, Pg70-71) What file, located in the root of a website, contains a list of web pages that should be omitted from search engine spidering?

A) robots.txt B) index.html C) spider.txt D)config.php

HINT Search engines work by first visiting a page, then visiting all links available on the page, and following all links available on those pages etc. This process is known as crawling or spidering. There is a way to opt certain pages out of being indexed by search engines, and that method is the "blank" file. This file is essentially a text file with a list of pages on a site you do not want to be indexed by a search engine. This file must live in the root of the website.

robots.txt

70

(B1, Pg370) What protocol is used to access email on an email server?

A) IMAP B) SSH C) ICMP D) BGP

HINT the "blank" protocol came after POP3, and it also solves most of the problems with POP3. It is the most common protocol in use today for accessing email on an email server. The messages remain on the server until the user specifically deletes them, and in addition, the IMAP server can track state on each email (whether is has been read, or unread for example).

IMAP

71

(B2, Pg344&346) Which tool would an attacker use to identify potentially exploitable functions in a program and their memory address locations?

A) Debugger B) Sniffer C) Proxy D) Packet analyzer

HINT A "blank" like GDB can identify a program's functions and the memory addresses they start at (the memory addresses are the ones that start 0x...)

Debugger

72
An incident handler has determined that malware is launching with local Administrator privileges when the compromised hosts starts and persists with each reboot. Which location should the incident handler check for this type of malware?

A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
B) C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C) HKLM\System\CurrentControlSet\Services

HKLM\System\CurrentControlSet\Services

73

(B3, Pg188) What is a buffer overflow?

A)Input is not properly restricted by an application and is exploited by an attacker to run code of the attacker's choosing B) Input is not properly sanitized which allows an attacker to craft queries that will cause data to be disclosed from a database C)Input is not properly limited within an iframe and an attacker redirects input that causes the browser to visit an attacker-controlled site D) Input is not restricted to a single cookie and an attacker sends a link that causes the destination site to authenticate an action

Input is not properly restricted by an application and is exploited by an attacker to run code of the attacker's choosing

74

(B3, Pg142) An attacker enters "cat /etc/passwd" into an input field on a website. Which flaw would allow the input to be executed by the web server's operating system?

A) SQL injection B) Directory traversal C)Command Injection D)Cross-Site Scripting

Command injection

75

(B3, Pg131&133) Which tool should an analyst use to perform live analysis on a host's RAM?

A) Registry B) SIEM C) Volatility D) Event Viewer

Volatility

76

Which file in the directory would considered suspicious?

A) drwxrwxr-x 2 giac giac 4.0K Jun 26 11:47 . B) drwxr-xr-x 11 giac giac 4.0K Jun 26 11:46 . . C) -rw-rw-r-- 1 giac giac 4.0k Jun 26 11:46 . . . D) -rwxrwxr-x 1 giac giac 0 Jun 26 11:47 1.txt

. . .

77

(B1, Pg306) The address below is used at which OSI layer?

6D:36:2E:93:7F:A3

A) Data Link B) Network C) Session D) Transport

Data Link

78

(B2, Pg327) Which PowerShell command string will display the contents of the file aliases.ps1 in the current directory?

A) Get-Content aliases.ps1 B) Get-ChildItems aliases.ps1 C) Read-Host aliases.ps1 D) Write-Information aliases.ps1

Get-Content aliases.ps1

79

(B2, Pg317) Which command string will display information about the "kirk: user on a Windows system?

A) net user kirk B) netsh user kirk C) net /info kirk D) netsh /info kirk

net user kirk

80

(B3, Pg9) A security analyst tells an investigator that they know a specific employee sent a message leaking proprietary information because of the type of encryption used by that employee to protect it. What feature of encryption provides the analyst with this certainty that this employee sent the message?

A) Non-repudiation B) Confidentiality C) Integrity D) Availability

Non-repudiation

81

(B3, Pg45) Which of the following risk areas are targeted by DDoS attacks?

A) Confidentiality B) Integrity C) Encryption D) Availability

HINT Understand what a DDoS attack is. (B1, Pg318)

Availiability

82

(B2, Pg368) Which component of Docker builds, runs, and delivers containers?

A) Daemon B) Image C) Hub D) Client

Daemon

83

(B3, Pg312) If malicious software (malware) infects a computer, at which level does it require the most effort to detect and remove?

A) Kernel B) System libraries C) Application code D) Local user file

HINT There are 2 types of Rootkits.

Kernel

84

(B2, Pg 349) When debugging an executable with pwndbg, what happens when a function named function_A is stepped over, instead of into?

A) The debugger executes the code within function_A and moves to the next instruction B) The debugger skips over the code within function_A and moves to the next instruction C)The debugger will stop at each line of code within function_A

The debugger executes the code within function_A and moves to the next instruction

85

(B2, Pg48) In Python, which symbol indicates the text after it is a comment?

A) # B) ; C) ! D) --

86

#(B3, Pg12) What is encryption?

Encryption is the process of converting data from one form to another

87

(B3, Pg9) What does encryption provide?

A)Authentication B)Integraty C)Non-repudiation D)All of the above

All of the above

88

(B3, Pg9) In order to encrypt data, what 3 things are necessary?

The original unencrypted message, the Encryption key, and the encryption algorithm

89

(B3, Pg9) What 3 things do you need to decrypt data?

The encrypted data, The encryption key for decryption, and the encryption algorithm

90

(B3, Pg10) What makes an encryption a strong encryption?

A) An encryption where the mathematical calculations are open to the public B) An encryption that was bought from a 3rd party C) An encryption with no mathematical calculations D) A decrypted encryption

An encryption where the mathematical calculations are open to the public

91

(B3, Pg11) What are the 2 ways to break encryption?

Find a flaw in the encryption and to guess the encryption key that was used

92

(B3, Pg12) What is the difference between encryption and encoding?

A)An encryption has an encryption key while encoding does not B) Encoding involves multiple encryption keys while encryption keys only involve one C) There is no difference between them D)They are the same thing just different names

An encryption has an encryption key while encoding does not

93

(B3, Pg13) What is Symmetric Encryption?

A) An encryption that uses the same key to decrypt and encrypt a message B) An encryption that requires both parties to be the same C) An encryption that requires two different keys to encrypt and decrypt

An encryption that uses the same key to decrypt and encrypt a message

94

(B3, Pg17) What is Asymmetric encryption?

A) A form of encryption that uses the same key to decrypt and encrypt a message B) A form of encryption that uses a public and private key to encrypt a message C) An encryption that requires both parties to be different from one another

A form of encryption that uses a public and private key to encrypt a message

95

(B3, Pg21) What form of encryption does HTTPS uses?

A) Asymmetric B) Symmetric C) Both D) Neither

Both

96

What is a hashing algorithm?

A) A utility designed to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a file or entire disk B) A form of one way encryption C)Both A and B D)Answer is not supplied

Both A and B

97

(B3, Pg22) What is considered a good hashing encryption algorithm?

A) MD5 B) SHA1 C) SHA2 D)None of the above

SHA2

98

(B3, Pg142) What is a command injection?

A flaw in a web application that takes advantage in how a web application process user input

99

(B3, Pg148) What is the best way to mitigate a Command Injection?

To program the web application without a third party entity and to sanitize the user input

100

(B3, Pg150) What is a file inclusion attack?

A result of adding resources on a page based on user input

Explore top notes

note Note
studied byStudied by 22 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 214 people
Updated ... ago
5.0 Stars(6)
note Note
studied byStudied by 5 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 15 people
Updated ... ago
5.0 Stars(2)
note Note
studied byStudied by 7 people
Updated ... ago
5.0 Stars(2)
note Note
studied byStudied by 1 person
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 44 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 5325 people
Updated ... ago
4.6 Stars(9)

Explore top flashcards

flashcards Flashcard62 terms
studied byStudied by 141 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard98 terms
studied byStudied by 4 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard33 terms
studied byStudied by 17 people
Updated ... ago
5.0 Stars(2)
flashcards Flashcard60 terms
studied byStudied by 27 people
Updated ... ago
4.7 Stars(7)
flashcards Flashcard35 terms
studied byStudied by 57 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard96 terms
studied byStudied by 36 people
Updated ... ago
5.0 Stars(2)
flashcards Flashcard101 terms
studied byStudied by 9 people
Updated ... ago
4.0 Stars(1)
flashcards Flashcard44 terms
studied byStudied by 15 people
Updated ... ago
5.0 Stars(2)