What criteria must be met for an XSS attack to occur on a specific website?
Terms in this set (40)

A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.
Answer: True

A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.
Answer: False

Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.
Answer: True

The return address is the only element that can be altered in a buffer overflow attack.
Answer: False

JavaScript cannot create separate stand-alone applications.
Answer: True

XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.
Answer: True

Securing web applications is easier than protecting other systems.
Answer: False

The malicious content of an XSS URL is confined to material posted on a website.
Answer: False

A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Answer: True

In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
Answer: True

What type of attack intercepts communication between parties to steal or manipulate the data?
Answer: C. Man-in-the-browser

What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
Answer: B. ARP

What two locations can be a target for DNS poisoning? (Choose all that apply.)
Answer: A. Local Host Table

What type of additional attack does ARP spoofing rely on?
Answer: D. MAC Spoofing

What type of privileges to access hardware and software resources are granted to users or devices?
Answer: C. Access rights

When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack?
Answer: C. Denial of service

Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
Answer: D. Smurf Attack

An attack that takes advantage of the procedures for initiating a session is known as what type of attack?
Answer: D. SYN flood attack

What are the two types of cross-site attacks? (Choose all that apply.)
Answer: B. Cross-site scripting attacks

What language below is used to view and manipulate data that is stored in a relational database?
Answer: C. SQL

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
Answer: D. whatever' AND email IS NULL; --

Choose the SQL injection statement example below that could be used to find specific users:
Answer: C. whatever' OR full_name LIKE '%Mia%'

Which SQL injection statement example below could be used to discover the name of the table?
Answer: B. whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
Answer: C. Session hijacking

Which type of attack below is similar to a passive man-in-the-middle attack?
Answer: A. replay

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
Answer: D. DNS

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
Answer: A. DNS poisoning

The exchange of information among DNS servers regarding configured zones is known as:
Answer: C. Zone transfer

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
Answer: A. Privilege escalation

What type of web server application attacks introduce new input to exploit a vulnerability?
Answer: D. Injection attacks

What specific ways can a session token be transmitted? (Choose all that apply.)
Answer: A. In the URL

If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known website in order for the attacker to gain Web traffic to generate income, what type of attack are they using?
Answer: B. URL hijacking

What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?
Answer: D. Domain hijacking

When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the Web ads, what type of attack is being performed?
Answer: C. Malvertising

What technology expands the normal capabilities of a web browser for a specific webpage?
Answer: A. Extensions

Which of the following are considered to be interception attacks? (Choose all that apply.)
Answer: C. man-in-the-middle

Where are MAC addresses stored for future reference?
Answer: C. ARP Cache

What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?
Answer: A. ARP Poisoning

What type of attack is being performed when multiple computers overwhelm a system with fake requests?
Answer: A. DDoS

What criteria must be met for an XSS attack to occur on a specific website?
Answer: B. The website must accept user input without validating it and use that input in a response.

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.

How does XSS operate?
An attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim's browser.

What are Cross-Site Scripting (XSS) attacks?
They are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Which refers to an attack in which the attacker attempts to impersonate the user by using his or her session token?
A session hijacking attack can be best defined as a successful attempt of an attacker to take over your web session. An attacker can impersonate an authorized user to gain access to a domain, server, website, web application, or network to which access is restricted through this type of attack.