IT395 Ch 3

question
A ____ attack is similar to a passive man-in-the-middle attack.
answer
replay
question
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
answer
drive-by-download
question
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
answer
session
question
A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
answer
markup language
question
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
answer
False
question
All Web traffic is based on the ____________________ protocol.
answer
HTTP
question
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
answer
True
question
Because of the minor role it plays, DNS is never the focus of attacks.
answer
False
question
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
answer
False
question
For a Web server's Linux system, the default root directory is typically ____.
answer
/var/www
question
HTML is a markup language that uses specific ____ embedded in brackets.
answer
tags
question
Exploits previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks.
answer
Zero day attack
question
Injects scripts into a Web application server that will then direct attacks at clients
answer
Cross-site scripting (XSS) attack
question
Takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
answer
Directory traversal attack
question
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server
answer
Command injection
question
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data
answer
Client-side attack
question
Created from the Web site that a user is currently viewing
answer
First-party cookie
question
Privileges that are granted to users to access hardware and software resources
answer
Access rights
question
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining
answer
Privilege escalation
question
An attack involving using a third party to gain access rights.
answer
Transitive access
question
The "omnipresence" of access from any computer with only an Internet connection and a Web browser has made Web applications an essential element of organizations today.
answer
True
question
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
answer
DNS poisoning
question
The SQL injection statement ____ determines the names of different fields in a database.
answer
whatever' AND email IS NULL; --
question
The SQL injection statement ____ discovers the name of a table.
answer
whatever' AND 1=(SELECT COUNT(*) FROM tabname); --
question
The SQL injection statement ____ erases the database table.
answer
whatever'; DROP TABLE members; --
question
The SQL injection statement ____ finds specific users.
answer
whatever' OR full_name LIKE '%Mia%'
question
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
answer
HTTP header
question
The ____________________ directory is a specific directory on a Web server's file system.
answer
root
question
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
answer
C:\Inetpub\wwwroot
question
The expression ____ up one directory level.
answer
../ traverses
question
The predecessor to today's Internet was a network known as ____________________.
answer
ARPAnet
question
Users who access a Web server are usually restricted to the ____ directory.
answer
root
question
Web application attacks are considered ____ attacks.
answer
server-side
question
When DNS servers exchange information among themselves it is known as a ____.
answer
zone transfer
question
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____.
answer
DNS
question
____ is a language used to view and manipulate data that is stored in a relational database.
answer
SQL
question
____ is an attack in which an attacker attempts to impersonate the user by using his session token.
answer
Session hijacking
question
____ is designed to display data, with the primary focus on how the data looks.
answer
HTML
question
____ is for the transport and storage of data, with the focus on what the data is.
answer
XML
question
____ substitutes DNS addresses so that the computer is automatically redirected to another
answer
DNS poisoning