CHAPTER 6 ASSESSMENT

  1. One way to verify if a system is attacked by a brute-force attack is to periodically check the log files.

    A. True
    B. False
  2. Content spoofing tactics often include which of the following?

    A. Spam email links
    B. Forum links
    C. Chatroom links
    D. A and C
    E. All of these are correct
  3. XSS attacks are the same as CSRF attacks.

    A. True
    B. False
  4. Which of the following attacks involve the use of CR and LF characters? (Select two.)

    A. HTTP request smuggling
    B. HTTP response smuggling
    C. HTTP request splitting
    D. HTTP response splitting
  5. A common path traversal attack uses which syntax sequence to attempt to locate restricted areas on a server?

    A. ../
    B. *.*/
    C. CR
    D. LF
  6. During a session fixation attack, which of the following is not a way an attacker obtains a valid session identifier?

    A. Prediction
    B. Capture
    C. Fixation
    D. Spoofing
  7. Which of the following is not an actual XML-related attack?

    A. XML attribute blowup
    B. XML internal entities
    C. XML entity expression
    D. XML injection
  8. Which of the following are website weaknesses discussed in this chapter?

    A. OS commanding
    B. Improper file system permissions
    C. Insufficient authentication
    D. Fingerprinting
    E. All of these are correct
  9. Application hardening is the process of securing applications in use on a network.

    A. True
    B. False
  10. To avoid improper input handling, which approaches can you use when handling user input? (Select three.)

    A. Stripping
    B. Sanitization
    C. Rejecting known bad input
    D. Accepting only known good input