Comptia Security+

Which of the following accurately describes a SQL injection attack? Options: An attacker exhaustively tries every possible combination of input to a system in order to bypass its security measures, An attacker exploits vulnerabilities in a web application's authentication mechanism to gain unauthorized access, An attacker injects malicious SQL code into a web application's database query to manipulate its behavior, An attacker intercepts and modifies data between a client and a server, An attacker analyzes network traffic to capture and replay authentication credentials

What is the main purpose of a cross-site scripting (XSS) attack?

Which of the following is a characteristic of a zero-day exploit? Options: It is a type of social engineering attack that tricks users into revealing their login credentials, It targets a vulnerability that is already known and for which a patch has been released, It uses cryptographic techniques to guess or reverse engineer passwords, It takes advantage of a software vulnerability that has not yet been discovered or patched, It exploits vulnerabilities in a network's protocols to gain unauthorized access

Which techniques can mitigate the risk of a distributed denial of service (DDoS) attack? Options: Secure coding practices and input validation, Traffic filtering and rate limiting at the network level, Intrusion detection and prevention systems, Encryption and public key infrastructure, Network segmentation and access control lists

Which of the following correctly defines privilege escalation? Options: An attacker manipulates a web application's user interface to perform unauthorized actions on a web server, An attacker gains unauthorized access to a system by exploiting vulnerabilities in its network protocols, An attacker injects malicious SQL code into a web application's database query to manipulate its behavior, An attacker intercepts and modifies data between a client and a server, An attacker gains additional privileges or access rights in a system beyond what they were originally granted

What is the main objective of a DNS spoofing attack?

What is the main purpose of input validation in an application's security?