Question:
1. When a driver is no longer compatible, software developers can use application _____ to make the driver backwards compatible. Hackers can also use this to trick the OS into behaving like an earlier, less secure version.
A. replay attack
B. refactoring
C. shimming
D. pass the hash attack
2. A/an _____ exploits the client’s computer, such as by targeting a weakness in a browser on the user’s computer.
A. SSRF
B. API attack
C. client-side request forgery
D. cross-site request forgery
3. Improper error handling includes _____.
A. recording the details of a program crash in a log file
B. giving a user-friendly error message when a program crashes
C. letting a program crash and displaying error information
D. writing code so that the program does not crash
4. What attack captures communication between two devices and repeats a user’s credentials to gain access?
A. replay attack
B. collision attack
C. brute force attack
D. downgrade attack
5. What is NOT a way to prevent a replay attack?
A. encrypt network traffic
B. salting the password
C. timestamps
D. use an authentication token that never expires
6. _____ happens when an attacker inputs so much data into an application that the data spills over into parts of memory that the application developers (programmers) did not anticipate.
A. DLL injection attack
B. buffer overflow attack
C. race condition attack
D. directory traversal attack
7. _____ can leave a system open to attacks such as buffer overflow attacks, SQL injection, command injection, and cross-site scripting attacks.
A. race condition
B. time-of-check to time-of-use (TOCTOU)
C. pointer/object dereference
D. improper input handling
8. What is an attack where the hacker gets into folders that they are not supposed to have access to?
A. Program crash
B. Buffer overflow
C. Race condition
D. Directory traversal
9. What attack happens when an attacker captures the user’s session ID and reuses the session ID to impersonate the user?
A. collision attack
B. brute force attack
C. downgrade attack
D. session replay attack
10. _____ includes letting a program crash and displaying error information.
A. Improper error handling
B. Replay attack
C. Proper error handling
D. Memory leak
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord