CompTIA Security+ Question K-100

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A. SQL injection
B. Session hijacking and XML injection
C. Cookies and attachments
D. Buffer overflow and XSS

Answer: A

Explanation:
To access information in databases, you use SQL. To gain unauthorized information from databases, a SQL Injection attack is used.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

CompTIA Security+ Question I-39

Peter, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Peter’s browser. The attacker later uses the credentials to impersonate Peter and creates SPAM messages. Which of the following attacks allows for this impersonation?

A. XML injection
B. Directory traversal
C. Header manipulation
D. Session hijacking

Answer: D

Explanation:
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.

CompTIA Security+ Question H-65

An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

A. Integer overflow
B. Cross-site scripting
C. Zero-day
D. Session hijacking
E. XML injection

Answer: C

Explanation:
The vulnerability is undocumented and unknown. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

CompTIA Security+ Question H-53

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

A. Zero-day attack
B. Known malware infection
C. Session hijacking
D. Cookie stealing

Answer: A

Explanation:
The vulnerability was unknown in that the full antivirus scan did not detect it. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

CompTIA Security+ Question F-75

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?

A. Typo squatting
B. Session hijacking
C. Cross-site scripting
D. Spear phishing

Answer: A

Explanation:
Typosquatting, also called URL hijacking or fake url, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

The typosquatter’s URL will usually be one of four kinds, all similar to the victim site address: (In the following, the intended website is “example.com”) A common misspelling, or foreign language spelling, of the intended site: exemple.com A misspelling based on typing errors: xample.com or examlpe.com A differently phrased domain name: examples.com A different top-level domain: example.org

Once in the typosquatter’s site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content.

CompTIA Security+ Question C-83

Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?

A. Evil twin
B. DNS poisoning
C. Vishing
D. Session hijacking

Answer: B

Explanation:
DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer). A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server doesn’t know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that, if it receives another request for the same translation, it can reply without having to ask the other server again. When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the server hosting the web page with derogatory content).

CompTIA Security+ Question A-80

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?

A. MAC Spoofing
B. Session Hijacking
C. Impersonation
D. Zero-day

Answer: D

Explanation:
This question states that antivirus is up-to-date on the workstation and the firewall has not been altered. The antivirus software is up to date with all ‘known’ viruses. A zero day vulnerability is an unknown vulnerability so a patch or virus definition has not been released yet.

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

CompTIA Network+ Question A-95

The IT manager at a small firm is in the process of renegotiating an SLA with the organization’s ISP. As part of the agreement, the organization will agree to a dynamic bandwidth plan to provide 150Mbps of bandwidth. However, if the ISP determines that a host on the organization’s internal network produces malicious traffic, the ISP reserves the right to reduce available bandwidth to 1.5 Mbps. Which of the following policies is being agreed to in the SLA?

A. Session hijacking
B. Blocking
C. Throttling
D. Data usage limits
E. Bandwidth quotas

Correct Answer: C

CompTIA Network+ Question A-73

A network administrator notices that the border router is having high network capacity loads during non-working hours which is causing web services outages. Which of the following is the MOST likely cause?

A. Evil twin
B. Session hijacking
C. Distributed DoS
D. ARP cache poisoning

Correct Answer: C