CompTIA Security+ Question C-19

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

A. SQL injection
B. Cross-site scripting
C. Command injection
D. LDAP injection

Answer: D

Explanation:
LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection. In a page with a user search form, the following code is responsible to catch input value and generate a LDAP query that will be used in LDAP database. Insert the username The LDAP query is narrowed down for performance and the underlying code for this function might be the following: String ldapSearchQuery = “(cn=” + $userName + “)”; System.out.println(ldapSearchQuery);

If the variable $userName is not validated, it could be possible accomplish LDAP injection, as follows: If a user puts “*” on box search, the system may return all the usernames on the LDAP base If a user puts “jonys) (| (password = * ) )”, it will generate the code bellow revealing jonys’ password ( cn = jonys ) ( | (password = * ) )

CompTIA Security+ Question B-51

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?

A. Buffer overflow
B. Cross-site scripting
C. XML injection
D. SQL injection

Answer: A

Explanation:
Explanation The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

CompTIA Security+ Question B-6

When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;–” and “or 1=1 –“) were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

A. The user is attempting to highjack the web server session using an open-source browser.
B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

Answer: D

Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1=1’ will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

CompTIA Security+ Question A-68

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

A. Rogue access point
B. Zero day attack
C. Packet sniffing
D. LDAP injection

Answer: D

Explanation:
A directory service is accessed by using LDAP (Lightweight Directory Access Protocol). LDAP injection is an attack against a directory service. Just as SQL injection attacks take statements that are input by users and exploit weaknesses within, an LDAP injection attack exploits weaknesses in LDAP (Lightweight Directory Access Protocol) implementations. This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits. One of the most common uses of LDAP is associated with user information. Numerous applications exist—such as employee directories—where users find other users by typing in a portion of their name. These queries are looking at the cn value or other fields (those defined for department, home directory, and so on). Someone attempting LDAP injection could feed unexpected values to the query to see what results are returned. All too often, finding employee information equates to finding usernames and values about those users that could be portions of their passwords.

CompTIA Security+ Question A-46

One of the most consistently reported software security vulnerabilities that leads to major exploits is:

A. Lack of malware detection.
B. Attack surface decrease.
C. Inadequate network hardening.
D. Poor input validation.

Answer: D

Explanation:
D: With coding there are standards that should be observed. Of these standards the most fundamental is input validation. Attacks such as SQL injection depend on unfiltered input being sent through a web application. This makes for a software vulnerability that can be exploited. There are two primary ways to do input validation: client-side validation and server-side validation. Thus with poor input validation you increase your risk with regard to exposure to major software exploits.

CompTIA Security+ Question A-38

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:




Which of the following has MOST likely occurred?

A. SQL injection
B. Cookie stealing
C. XSRF
D. XSS

Answer: C

Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been authenticated. This is often accomplished without the user’s knowledge.

CompTIA Security+ Question A-37

A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?

A. Zero-day
B. SQL injection
C. Buffer overflow
D. XSRF

Answer: C

Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

CompTIA Security+ Question A-2

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.
B. NoSQL databases are not vulnerable to SQL injection attacks.
C. NoSQL databases encrypt sensitive information by default.
D. NoSQL databases perform faster than SQL databases on the same hardware.

Answer: B

Explanation:
NoSQL is a nonrelational database and does not use SQL. It is therefore not vulnerable to SQL injection attacks but is vulnerable to similar injection-type attacks.

CompTIA Network+ Question C-5

Packet analysis reveals multiple GET and POST requests from an internal host to a URL without any response from the server. Which of the following is the BEST explanation that describes this scenario?

A. Compromised system
B. Smurf attack
C. SQL injection attack
D. Man-in-the-middle

Correct Answer: A

Explanation:
As the extra unexplainable traffic comes from an internal host on your network we can assume that this host has been compromised.
If your system has been compromised, somebody is probably using your machine–possibly to scan and find other machines to compromise