Exam (elaborations)
Lesson 14. Summarizing Secure Application Concepts Questions and Answers
- Course
- Institution
Lesson 14. Summarizing Secure Application Concepts
[Show more]
Content preview
Lesson 14. Summarizing SecureApplication Concepts
Analyze types of vulnerabilities and summarize a zero-day exploit. - answer A
vulnerability that is capitalized on before the developer knows about it.
Which of the following is a common solution that protects an application from behaving
in an unexpected way when passing invalid data through an attack? - answer Input
Validation
A system administrator is working to restore a system affected by a stack overflow.
Analyze the given choices and determine which overflow vulnerability the attacker
exploited. - answer An attacker changes the return address of an area of memory used
by a program subroutine.
A threat actor programs an attack designed to invalidate memory locations to crash
target systems. Which statement best describes the nature of this attack? - answer The
attacker programmed a null pointer dereferencing exception.
Which method might an attacker use to redirect login via information gained by
implementing JavaScript on a webpage the user believes is legitimate? -
answerClickjacking
Compare and contrast the types of Cross-Site Scripting (XSS) attacks, and select the
option that accurately distinguishes between them. - answerReflected and stored XSS
attacks exploit server-side scripts, while the DOM is used to exploit vulnerabilities in
client-side scripts.
An attacker finds a way to exploit a vulnerability in a target application that allows the
attacker to bypass a password requirement. Which method did the attacker most likely
use? - answerThe attacker added LDAP filters as unsanitized input by creating a
condition that is always true.
Analyze the following statements and select the statement which correctly explains the
difference between cross-site scripting (XSS) and cross-site request forgery (XSRF). -
answerXSRF spoofs a specific request against the web application, while XSS is a
means of running any arbitrary code.
Which type of attack disguises the nature of malicious input, preventing normalization
from stripping illegal characters? - answerCanonicalization
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller julianah420. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
85169 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now