Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?
A. Malicious logic
B. Cross-site scripting
C. SQL injection
D. Buffer overflow
CompTIA exam questions
Emily, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Emily runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?
A. SQL injection
B. XML injection
C. Packet sniffer
D. Proxy
Which of the following BEST describes a SQL Injection attack?
A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.
C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.
D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
One month after a software developer was terminated, the helpdesk started receiving calls that several employees’ computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?
A. Logic bomb
B. Cross-site scripting
C. SQL injection
D. Malicious add-on
Data execution prevention is a feature in most operating systems intended to protect against which type of attack?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. SQL injection
An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?
A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections
Peter, an application developer, is building an external-facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Peter filters client-side JAVA input. Which of the following is Peter attempting to prevent?
A. SQL injections
B. Watering holes
C. Cross site scripting
D. Pharming
Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?
A. Vulnerability scanning
B. SQL injection
C. Penetration testing
D. Antivirus update
Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
A security administrator looking through IDS logs notices the following entry: (where email=joe@joe.com and passwd= 'or 1==1')
Which of the following attacks had the administrator discovered?
A. SQL injection
B. XML injection
C. Cross-site script
D. Header manipulation