Comptia Security+ Understanding Application Attacks and security

Which of the following accurately describes a SQL injection attack? Options: An attacker exhaustively tries every possible combination of input to a system in order to bypass its security measures, An attacker exploits vulnerabilities in a web application's authentication mechanism to gain unauthorized access, An attacker injects malicious SQL code into a web application's database query to manipulate its behavior, An attacker intercepts and modifies data between a client and a server, An attacker analyzes network traffic to capture and replay authentication credentials

What is the main purpose of a cross-site scripting (XSS) attack?

Which of the following is a characteristic of a zero-day exploit? Options: It is a type of social engineering attack that tricks users into revealing their login credentials, It targets a vulnerability that is already known and for which a patch has been released, It uses cryptographic techniques to guess or reverse engineer passwords, It takes advantage of a software vulnerability that has not yet been discovered or patched, It exploits vulnerabilities in a network's protocols to gain unauthorized access

Which techniques can mitigate the risk of a distributed denial of service (DDoS) attack? Options: Secure coding practices and input validation, Traffic filtering and rate limiting at the network level, Intrusion detection and prevention systems, Encryption and public key infrastructure, Network segmentation and access control lists

Which of the following correctly defines privilege escalation? Options: An attacker manipulates a web application's user interface to perform unauthorized actions on a web server, An attacker gains unauthorized access to a system by exploiting vulnerabilities in its network protocols, An attacker injects malicious SQL code into a web application's database query to manipulate its behavior, An attacker intercepts and modifies data between a client and a server, An attacker gains additional privileges or access rights in a system beyond what they were originally granted

What is the main objective of a DNS spoofing attack?

What is the main purpose of input validation in an application's security?

Which of the following accurately describes a phishing attack? Options: An attacker manipulates a web application's user interface to perform unauthorized actions on a web server, An attacker intercepts and modifies data between a client and a server, An attacker gains unauthorized access to a system by exploiting vulnerabilities in its network protocols, An attacker captures network traffic to eavesdrop on sensitive information transmitted between two parties, An attacker sends fraudulent emails or messages to deceive users and obtain their sensitive information

Which of the following accurately describes a man-in-the-middle (MITM) attack? Options: An attacker injects malicious code into a web application and executes it on other users' browsers, An attacker intercepts and modifies data between a client and a server, An attacker captures network traffic to eavesdrop on sensitive information transmitted between two parties, An attacker gains unauthorized access to a system by exploiting vulnerabilities in its network protocols, An attacker manipulates a web application's user interface to perform unauthorized actions on a web server

What is the main goal of a buffer overflow attack?