Question 1

The SQL injection statement ____ erases the database table.&#10;A) whatever'; DROP TABLE members; --&#10;B) whatever'; DELETE TABLE members; --&#10;C) whatever'; UPDATE TABLE members; --&#10;D) whatever'; RENAME TABLE members; --

Accepted Answer

The SQL injection statement "whatever'; DROP TABLE members; --" will delete the entire database table, whereas the other options will not achieve the same result.

Question 2

The SQL injection statement ____ discovers the name of a table.&#10;A) whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); --&#10;B) whatever' AND 1=(SELECT COUNT(*) FROM tabname); --&#10;C) whatever; AND 1=(SELECT COUNT(*) FROM tabname); --&#10;D) whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

Accepted Answer

The correct SQL injection statement uses a single quote (') to terminate the string and execute the SQL command.

Question 3

Users who access a Web server are usually restricted to the ____ directory.&#10;A) top&#10;B) base&#10;C) root&#10;D) tap

Accepted Answer

The root directory is the top-level directory in a Linux file system and is denoted by a forward slash (/). It is also the directory where the web server keeps its files, such as HTML, CSS, and JavaScript. Users are usually restricted to this directory to prevent them from accessing sensitive system files or other users' files.

Question 4

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

Accepted Answer

The answer of ARP poisoning is successful because there are...

Question 5

____ is a language used to view and manipulate data that is stored in a relational database.&#10;A) C&#10;B) DQL&#10;C) SQL&#10;D) ISL

Accepted Answer

SQL (Structured Query Language) is specifically designed for managing relational databases. It allows users to create, modify and query the data in a database. Option A (C) and Option B (DQL) are not suited for this specific purpose. Option D (ISL) is not a commonly known programming language.

Question 6

A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.&#10;A) buffer overflow&#10;B) drive-by-download&#10;C) denial of service&#10;D) stack underflow

Accepted Answer

A drive-by-download is a type of client-side attack where a user's computer is compromised simply by visiting a website, without any action on their part such as clicking on a link or downloading a file. This is typically achieved through the exploitation of vulnerabilities in the user's web browser or other software running on their computer, allowing malware or other malicious code to be downloaded and executed without their knowledge or consent. Buffer overflows and stack underflows are types of memory-related vulnerabilities that can be exploited by attackers, while denial of service attacks are focused on disrupting the availability of a targeted system or network.

Question 7

____ is designed to display data, with the primary focus on how the data looks.&#10;A) XML&#10;B) HTML&#10;C) SGML&#10;D) ISL

Accepted Answer

HTML (Hypertext Markup Language) is designed to display data, with a primary focus on how the data looks. It is used to structure content on web pages and can be used to control the appearance of text, images, and other web page elements. XML (Extensible Markup Language) is primarily used to describe and share data, and SGML (Standard Generalized Markup Language) is a more complex markup language used mainly by large organizations and government agencies. ISL is not a markup language and does not relate to data display or structure.

Question 8

____ is for the transport and storage of data, with the focus on what the data is.&#10;A) XML&#10;B) HTML&#10;C) SGML&#10;D) SML

Accepted Answer

XML (Extensible Markup Language) is designed for the transport and storage of data, focusing on what the data is, rather than how it is displayed.

Question 9

Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.

Accepted Answer

While XSS is a widely known attack, the number of Web sites that are vulnerable to it is still quite significant. Many websites, including major ones, have been compromised by XSS attacks.

Question 10

The &#34;omnipresence&#34; of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.

Accepted Answer

The statement is true. The ease of access provided by web applications has made them an integral part of many organizations.

Question 11

The expression ____ up one directory level.&#10;A) ;/traverses&#10;B)./traverses&#10;C) %20/traverses&#10;D)../ traverses

Accepted Answer

The answer of The expression ____ up one directory level.&#10;A)...

Question 12

For a Web server's Linux system, the default root directory is typically ____.&#10;A) /var/www&#10;B) C:\inetpub\wwwroot&#10;C) /var/root&#10;D) /home/root

Accepted Answer

The answer of For a Web server's Linux system, the...

Question 13

The SQL injection statement ____ determines the names of different fields in a database.&#10;A) whatever AND email IS NULL; --&#10;B) whatever; AND email IS NULL; --&#10;C) whatever&#34; AND email IS NULL; --&#10;D) whatever' AND email IS NULL; --

Accepted Answer

The answer of The SQL injection statement ____ determines the...

Question 14

HTML is a markup language that uses specific ____ embedded in brackets.&#10;A) blocks&#10;B) marks&#10;C) taps&#10;D) tags

Accepted Answer

The answer of HTML is a markup language that uses...

Question 15

Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.

Accepted Answer

The answer of Although traditional network security devices can block...

Question 16

Because of the minor role it plays, DNS is never the focus of attacks.

Accepted Answer

The answer of Because of the minor role it plays,...

Question 17

The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.&#10;A) HTTP header&#10;B) HTML header&#10;C) XML header&#10;D) SSL header

Accepted Answer

The answer of The ____ is part of an HTTP...

Question 18

The SQL injection statement ____ finds specific users.&#10;A) whatever' OR full_name = '%Mia%'&#10;B) whatever' OR full_name IS '%Mia%'&#10;C) whatever' OR full_name LIKE '%Mia%'&#10;D) whatever' OR full_name equals '%Mia%'

Accepted Answer

The answer of The SQL injection statement ____ finds specific...

Question 19

The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.&#10;A) /var/www&#10;B) C:\Inetpub\ wwwroot&#10;C) /var/html&#10;D) /etc/var/www

Accepted Answer

The answer of The default root directory of the Microsoft...

Question 20

Web application attacks are considered ____ attacks.&#10;A) client-side&#10;B) hybrid&#10;C) server-side&#10;D) relationship

Accepted Answer

The answer of Web application attacks are considered ____ attacks.&#10;A)...

Question 21

Why would you want to limit access to the root directory of a Web server?

Accepted Answer

The answer of Why would you want to limit access...

Question 22

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.&#10;A) HTTP&#10;B) NSDB&#10;C) URNS&#10;D) DNS

Accepted Answer

The answer of When TCP/IP was developed, the host table...

Question 23

The ____________________ directory is a specific directory on a Web server's file system.

Accepted Answer

The answer of The ____________________ directory is a specific directory...

Question 24

List three of the most common Web application attacks.

Accepted Answer

The answer of List three of the most common Web...

Question 25

A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.

Accepted Answer

The answer of A(n) ____________________ cookie is stored in Random...

Question 26

Describe how to harden a Web server.

Accepted Answer

The answer of Describe how to harden a Web server....

Question 27

____ substitutes DNS addresses so that the computer is automatically redirected to another device.&#10;A) DNS poisoning&#10;B) Phishing&#10;C) DNS marking&#10;D) DNS overloading

Accepted Answer

The answer of ____ substitutes DNS addresses so that the...

Question 28

A ____ attack is similar to a passive man-in-the-middle attack.&#10;A) replay&#10;B) hijacking&#10;C) denial&#10;D) buffer overflow

Accepted Answer

The answer of A ____ attack is similar to a...

Question 29

Describe a cross-site scripting (XSS) attack.

Accepted Answer

The answer of Describe a cross-site scripting (XSS) attack....

Question 30

All Web traffic is based on the ____________________ protocol.

Accepted Answer

The answer of All Web traffic is based on the...

Question 31

____ is an attack in which an attacker attempts to impersonate the user by using his session token.&#10;A) Session replay&#10;B) Session spoofing&#10;C) Session hijacking&#10;D) Session blocking

Accepted Answer

The answer of ____ is an attack in which an...

Question 32

When DNS servers exchange information among themselves it is known as a ____.&#10;A) resource request&#10;B) zone disarticulation&#10;C) zone transfer&#10;D) zone removal

Accepted Answer

The answer of When DNS servers exchange information among themselves...

Question 33

The predecessor to today's Internet was a network known as ____________________.

Accepted Answer

The answer of The predecessor to today's Internet was a...

Question 34

What does a user need to perform a directory traversal attack?

Accepted Answer

The answer of What does a user need to perform...

Question 35

Describe a drive-by-download attack.

Accepted Answer

The answer of Describe a drive-by-download attack....

Question 36

A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.

Accepted Answer

The answer of A(n) ____________________ is a method for adding...

Question 37

The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.&#10;A) DNS spooking&#10;B) DNS poisoning&#10;C) DNS bonding&#10;D) DNS blacklisting

Accepted Answer

The answer of The Chinese government uses _____ to prevent...

Question 38

Explain the HTTP header referrer attack.

Accepted Answer

The answer of Explain the HTTP header referrer attack....

Question 39

Describe the differences between XML and HTML.

Accepted Answer

The answer of Describe the differences between XML and HTML....

Question 40

Describe the two types of privilege escalation.

Accepted Answer

The answer of Describe the two types of privilege escalation....

Question 41

Explain the approach attackers use against DNS servers.

Accepted Answer

The answer of Explain the approach attackers use against DNS...

Question 42

Match between columns&#10;                        Premises: Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Created from the Web site that a user is currently viewing&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Privileges that are granted to users to access hardware and software resources&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;Targets vulnerabilities in client applications that interact with a compromised server or process malicious data&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;An attack involving using a third party to gain access rights.&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Injects scripts into a Web application server that will then direct attacks at clients&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining&#10;Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining

Accepted Answer

The Answer of Zero day attack and Cross-site scripting (XSS) is...

Deck 3: Application and Network Attacks