10. Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing...
Question:
10. Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
A. Cross site scripting.
B. Malware Uploading
C. Man in the middle
D. SQL Injection
11. Role-Based Access Control helps prevent this weakness?
A. Insufficient Transport Layer Protection
B. Security Misconfiguration
C. Failure to restrict URL Access
D. Unvalidated Redirect or Forward
12. For an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
A. XML Injection
B. Brute Forcing of stored encrypted credentials
C. Access to sensitive data possible
D. SQL Injection
13. What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?
A. Cross Site Request Forgery
B. Cross Site Scripting
C. Insecure Direct Object References
D. SQL Injection
14. Attack that exploits the trust that a site has in a user's browser.
A. Cross Site Request Forgery
B. SQL Injection
C. Cross Site Tracing
D. Cross Site Scripting
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord