How can attackers capture network traffic for replay attacks?

A. By exploiting the Address Resolution Protocol (ARP)

B. By using malware to intercept packets

C. By tapping into the network like a phone tap

What is a "pass the hash" attack?

C. Intercepting password hashes and using them to gain access

A. Guessing passwords by hashing them

B. Sending hashed passwords to a server for authentication

D. Storing password hashes securely

How can developers defend against replay attacks?

By using strong authentication and access management

By keeping password hashes safe and secure

By implementing input validation and parameterized queries

What is privilege escalation?

Moving up the ladder to gain more access than intended

Gaining unauthorized access to system information

Encrypting data sent to the client to prevent exploitation

How can developers mitigate directory traversal attacks?

By validating and sanitizing file paths

By implementing strong authentication and access management

By using address space layout randomization (ASLR)

By encrypting data sent to the client

What is the primary objective of application injection attacks?

To manipulate application behavior and compromise security

To increase application performance

To generate revenue for the attacker

How does Cross-Site Scripting (XSS) attack differ from CSRF?

XSS involves injecting malicious scripts into web applications, while CSRF impersonates end users to perform actions unknowingly.

XSS manipulates XML data, while CSRF manipulates HTML data.

XSS attacks the server, while CSRF attacks the client.

XSS requires authentication credentials, while CSRF does not.

What is the goal of directory traversal attacks?

To access or edit files/folders beyond the intended directory

Which protocol is targeted in LDAP Injection attacks?

Lightweight Directory Access Protocol (LDAP)

Lightweight Data Access Protocol (LDAP)

How can application injection attacks be mitigated?

By implementing secure coding practices and input validation

By removing all input fields from the application

By increasing the number of vulnerabilities

What is the primary purpose of input validation in application security?

Preventing security threats and vulnerabilities

Optimizing code execution speed

Ensuring compatibility across devices

How do secure cookies enhance data security on a user's device?

They restrict cookies to encrypted (HTTPS) connections

They increase the size of cookies for better data storage

They allow cookies to be transmitted over unsecured connections

They prevent cookies from being stored on the device

What is static code analysis primarily used for in application development?

Reviewing and analyzing source code for security vulnerabilities

Executing code to identify runtime errors

Automating user interface testing

What does code signing ensure regarding software code?

It confirms the code's integrity and authenticity

It guarantees the code's performance

It determines the code's compatibility with different platforms

It enhances the code's readability

What is the primary purpose of sandboxing in computing?

Isolating running programs to prevent potential harm

How does sandboxing restrict the access of applications or processes?

By imposing strict access controls

By providing unlimited access to system resources

By enhancing file system access

By allowing communication with external systems

What is one benefit of controlling network access within a sandbox?

Reduced risk of unauthorized communication

Increased vulnerability to malware

Greater exposure to security threats

Why is access to the file system restricted within a sandbox?

To increase vulnerability to data breaches

What is the primary goal of monitoring in IT management?

Detecting and responding to events or issues

Maximizing resource utilization

Eliminating the need for troubleshooting

How does monitoring contribute to cybersecurity?

By analyzing logs and detecting suspicious activities

By reducing the need for security measures

By decreasing system performance

What is a buffer overflow vulnerability?

When a program writes more data to a buffer than it can handle, leading to the overflow of adjacent memory.

When a user gains unauthorized access to higher-level privileges.

Errors in the configuration of security settings.

Use of outdated communication protocols and services.

What is the primary purpose of a Denial-of-Service (DoS) attack?

To overload a system with traffic, making it slow or unresponsive.

To gain unauthorized access to sensitive data.

To execute arbitrary code on a system.

What is the term used to describe security flaws that are unknown to the software vendor and have no available patch?

File and Directory Permissions Issues

What is the primary purpose of Group Policy in operating system security?

Enforcing security settings and configurations

Providing encryption for data transfers

Detecting changes to files and file systems

What is the main function of File Integrity Monitoring?

Detecting changes to files and file systems

Preventing unauthorized access to the network

Which security measure is focused on preventing unauthorized access, sharing, or leakage of sensitive data?

Endpoint Detection and Response (EDR)

What does Network Access Control (NAC) regulate and restrict?

Access to the network based on predefined policies

Which security solution focuses on detecting and responding to security incidents at the endpoint level?

Endpoint Detection and Response (EDR)

What is the primary goal of User Behavior Analytics (UBA)?

Analyzing patterns of user behavior to identify security threats

Monitoring changes to files and file systems

What are firmware vulnerabilities?

Security flaws in hardware components

Security flaws in software components

Security flaws in network protocols

Security flaws in user authentication

What is a potential consequence of exploiting firmware vulnerabilities?

Unauthorized access to the host system

Resource reuse between virtual machines

Loss of visibility in cloud infrastructure

Legal consequences due to compliance failure

When does hardware reach its end-of-life (EOL)?

When the manufacturer stops providing support and updates

When it lacks modern security features

When it becomes incompatible with legacy hardware

When it is decommissioned properly

What is a common vulnerability associated with legacy hardware?

Lack of modern security features

How can organizations mitigate hardware vulnerabilities?

Regularly apply patches and updates to firmware

Implement strong isolation mechanisms between virtual machines

Encrypt data at rest and in transit

Use Security Information and Event Management (SIEM) systems

What is a characteristic of VM escape vulnerability?

Unauthorized access to the host system from a virtual machine

Insecure handling of virtualized resources

Weaknesses in virtualization technologies

Loss of visibility in cloud infrastructure

Study Guide: Unit 3C - Web/App Vulnerabilties

Authored by Victoria Berkowitz

Computers

11th Grade

Study Guide: Unit 3C - Web/App Vulnerabilties

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

75 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is memory injection in the context of computer security?

A. A technique to insert or manipulate code within the address space of a running process.

B. A method to enhance the functionality of a program by injecting additional memory resources.

C. A process to debug software applications by injecting code snippets into memory.

D. A mechanism to prevent unauthorized access to memory locations in a computer system.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a buffer overflow attack, and how does it occur?

A. It's a social engineering attack that exploits human habits.

B. It occurs when a buffer is filled and then extra data is added, leading to memory corruption.

C. It's a debugging technique to enhance the functionality of software applications.

D. It happens when an attacker hijacks cookies used to authenticate users on websites.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the main danger of buffer overflow attacks?

A. They can result in the theft of sensitive information.

B. They can lead to the unauthorized access of computer systems.

C. They can cause unintended behavior or system crashes by overwriting adjacent memory locations.

D. They can compromise the integrity of software updates.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How does an integer overflow attack differ from a buffer overflow attack?

A. Integer overflow attacks target numerical variables, while buffer overflow attacks target string variables.

B. Integer overflow attacks involve exceeding the capacity of numerical variables, leading to unintended results.

C. Buffer overflow attacks exploit the speed of data writing in memory, while integer overflow attacks exploit data validation processes.

D. Integer overflow attacks involve manipulating cookies, while buffer overflow attacks involve hijacking URLs.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a race condition bug, and how does it occur?

A. It's a bug that occurs when a software update contains malicious code.

B. It's a bug that arises from the race between different processes to write to shared memory.

C. It's a bug that causes buffer overflows in software applications.

D. It's a bug that occurs when an attacker exploits vulnerabilities in the update process.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a malicious update, and what risks does it pose?

A. It's a deceptive software update that may contain malware or unwanted functionalities.

B. It's an update designed to enhance the security of software applications.

C. It's an update that fixes bugs and improves the performance of software.

D. It's an update distributed through compromised update servers to improve system stability.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a replay attack?

A. A method to guess passwords by asking the user directly

B. Injecting malicious code into an application

C. Capturing and reusing network packets to gain unauthorized access

D. Exploiting vulnerabilities in the directory structure of a website

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

70 questions

Tink2

Quiz

•

11th Grade

80 questions

Financial Planning Semester Exam

Quiz

•

11th Grade

80 questions

BTEC IT Unit 1 Bumper Quiz

Quiz

•

11th Grade - University

70 questions

IGCSE CS Chapter 3

Quiz

•

11th Grade

80 questions

WAN

Quiz

•

10th - 12th Grade

77 questions

Tin học

Quiz

•

11th Grade

80 questions

Edexcel Computer Science- Topic 1&6 Part 1 (1 to 60)

Quiz

•

10th - 11th Grade

70 questions

IT103

Quiz

•

11th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade