CompTIA Security+ Question F-33

One month after a software developer was terminated the helpdesk started receiving calls that several employees’ computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?

A. Logic bomb
B. Cross-site scripting
C. SQL injection
D. Malicious add-on

Answer: A

CompTIA Security+ Question F-16

Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. SQL injection

Answer: B

Explanation:
Data Execution Prevention (DEP) is a security feature included in modern operating systems. It marks areas of memory as either “executable” or “nonexecutable”, and allows only data in an “executable” area to be run by programs, services, device drivers, etc. It is known to be available in Linux, OS X, Microsoft Windows, iOS and Android operating systems. DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

CompTIA Security+ Question E-81

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter

Answer: C

Explanation:
Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.

CompTIA Security+ Question E-73

Which of the following is a common coding error in which boundary checking is not performed?

A. Input validation
B. Fuzzing
C. Secure coding
D. Cross-site scripting

Answer: A

Explanation:
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

CompTIA Security+ Question E-3

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

A. Input validation
B. Network intrusion detection system
C. Anomaly-based HIDS
D. Peer review

Answer: A

Explanation:
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

CompTIA Security+ Question D-59

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of
192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

A. Brute force password attack
B. Cross-site request forgery
C. Cross-site scripting
D. Fuzzing

Answer: B

Explanation:
Cross-Site Request Forgery—also known as XSRF, session riding, and one-click attack—involves unauthorized commands coming from a trusted user to the website. This is often done without the user’s knowledge, and it employs some type of social networking to pull it off. For example, assume that Evan and Spencer are chatting through Facebook. Spencer sends Evan a link to what he purports is a funny video that will crack him up. Evan clicks the link, but it actually brings up Evan’s bank account information in another browser tab, takes a screenshot of it, closes the tab, and sends the information to Spencer. The reason the attack is possible is because Evan is a trusted user with his own bank. In order for it to work, Evan would need to have recently accessed that bank’s website and have a cookie that had yet to expire. The best protection against cross-site scripting is to disable the running of scripts (and browser profi les).

CompTIA Security+ Question C-86

A security administrator looking through IDS logs notices the following entry: (where email=joe@joe.com and passwd= ‘or 1==1’)
Which of the following attacks had the administrator discovered?

A. SQL injection
B. XML injection
C. Cross-site script
D. Header manipulation

Answer: A

Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1==1’ will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

CompTIA Security+ Question C-42

A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

A. Spoofing
B. XSS
C. Fuzzing
D. Pharming

Answer: B

Explanation:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.

By validating user input and preventing special characters, we can prevent the injection of client-side scripting code.

CompTIA Security+ Question C-19

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

A. SQL injection
B. Cross-site scripting
C. Command injection
D. LDAP injection

Answer: D

Explanation:
LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection. In a page with a user search form, the following code is responsible to catch input value and generate a LDAP query that will be used in LDAP database. Insert the username The LDAP query is narrowed down for performance and the underlying code for this function might be the following: String ldapSearchQuery = “(cn=” + $userName + “)”; System.out.println(ldapSearchQuery);

If the variable $userName is not validated, it could be possible accomplish LDAP injection, as follows: If a user puts “*” on box search, the system may return all the usernames on the LDAP base If a user puts “jonys) (| (password = * ) )”, it will generate the code bellow revealing jonys’ password ( cn = jonys ) ( | (password = * ) )

CompTIA Security+ Question B-51

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?

A. Buffer overflow
B. Cross-site scripting
C. XML injection
D. SQL injection

Answer: A

Explanation:
Explanation The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.