What is privilege escalation?

An exploit that allows a malicious actor to gain access to rights, information, or data they would normally not be able to have

A method to improve user experience

A way to enhance website performance

A technique to secure data transmission

What does it mean that HTTP is stateless?

It continuously communicates with the site or web application in a request-response cycle

It stores user data permanently

It encrypts all data automatically

How can an attacker gain privileges according to the text?

By manipulating retransmitted data

By installing antivirus software

By updating the web application

What is vertical privilege escalation?

Gaining access to something higher, such as administrative rights

Gaining access to information at the same level with a different account

Manipulating a web server account

Switching to a normal user account

What is horizontal privilege escalation?

Gaining access to information at the same level with a different account

Gaining access to something higher, such as administrative rights

Gaining access to a web server account

In the context of privilege escalation, what could happen to a web server account?

It could be manipulated to switch to a normal user account

It could be upgraded to administrative rights

It could be used to access a database

What is one method to prevent privilege escalation?

Install security updates, patches, and anti-virus software

Disable all network connections

What does ASLR stand for in computer security?

Address Space Layout Randomization

Advanced Security Layer Routing

Application Software License Renewal

Which of the following is a method to prevent HTTP exploits?

Only send session IDs to the client and keep critical info on the server

What is directory traversal?

Attempting to move from one folder to others within a system to access secure files or edit files and folders

A method to organize files in a directory

A way to delete files from a system

A technique to encrypt files on a server

In the example provided, what could happen if an attacker manipulates the file path?

The attacker may gain access to password hashes

What is the primary goal of application attacks?

To exploit vulnerabilities in applications or systems

To update software automatically

What is the main purpose of application injection attacks?

To insert and execute unauthorized commands or code

To improve application performance

To enhance user interface design

What does SQL Injection (SQLi) involve?

Injecting malicious SQL code into input fields

What is the goal of Cross-Site Scripting (XSS)?

To inject malicious scripts into web applications

To add new features to a website

What is Cross-Site Request Forgery (CSRF)?

Fooling a user's browser into making an unwanted request to a web application

A method to encrypt data on a website

A technique to improve website speed

A way to authenticate users securely

What does Command Injection involve?

Injecting malicious commands into input fields processed as system commands

Encrypting data for secure transmission

Creating secure user authentication methods

Optimizing database queries for performance

What is the target of LDAP Injection?

Lightweight Directory Access Protocol (LDAP) queries

What is the purpose of XPath Injection?

To inject malicious XPath expressions for XML data processing

To improve search engine optimization

To create user-friendly interfaces

Which of the following is a method to mitigate application injection?

Implement insecure coding practices

What is the purpose of having input checks or validation in application security?

To ensure inputs are safe and expected

To allow all inputs without restriction

How can firewalls help in application injection mitigation?

By detecting and preventing intrusions

By allowing all network traffic

By disabling security protocols

Why are regular security and coding checks important?

They make the system less secure

They increase the risk of attacks

What is a buffer overflow attack?

An attack that happens when data overflows a buffer capacity

An attack that occurs when data is deleted from a buffer

An attack that encrypts data in a buffer

An attack that compresses data in a buffer

What can result from inserting more data into a variable than it can hold?

Overwriting adjacent memory addresses

What is Cross-site request forgery (XSRF or CSRF)?

An impersonation of a user performing an action on a website

A method to secure websites from attacks

A way to log users out of secure sites

A technique to encrypt user data

What does an attacker set up to perform a CSRF attack?

A malicious link or site with a false request

What does CSRF stand for in the context of request forgery?

Client Security Request Forgery

What is a characteristic of server-side request forgery?

It alters the server’s behavior

It improves client-side graphics

It enhances user interface design

It increases server storage capacity

What is directory traversal?

Attempting to move from one folder to others within a system to access secure files

A method to organize files in a directory

A way to delete files from a system

In the example provided, what could happen if an attacker uses directory traversal on a Linux-based system?

The attacker may gain access to password hashes

The system will automatically update

The attacker will be logged out

What is the purpose of application security?

To protect applications from security threats

To enhance user interface design

What is the importance of application security?

Enhancing resilience against cyber threats

What is a key implementation step in input validation?

Enforce strict validation rules

Cyber Unit 3 Review Part 5

Authored by Nathan Krahn

Computers

9th Grade

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

53 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a session in the context of web applications?

The time a user is authenticated and interacts with a web application

The time a user spends on a website without logging in

The duration of a user's internet connection

The period when a user downloads files from a server

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens during a session replay attack?

An attacker captures the session ID and acts as the user

An attacker deletes the user's session data

An attacker sends spam emails to the user

An attacker changes the user's password

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the purpose of hashing a password when a user logs into a system?

To store the password in plaintext

To compare the hash to the stored hash

To encrypt the password for email

To send the password to the user

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does an attacker do in a "pass the hash" attack?

Encrypts the password

Captures the hash to gain access

Changes the password

Deletes the user account

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a nonce in the context of defending against replay attacks?

A type of malware

A numerical value associated with the packet

A password

A firewall setting

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How is a common nonce typically generated?

Randomly from a list of words

By using a combination of the date and time

By repeating the same number

By using a fixed number

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens to a packet if a replay of the same packet occurs and a nonce is used?

It is accepted and processed

It is ignored and logged

It is discarded once the nonce is checked

It is sent back to the sender

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

55 questions

Quarter 1 - LONG QUIZ

Quiz

•

7th - 9th Grade

50 questions

MOS WORD 2016

Quiz

•

9th Grade

51 questions

Soal Pilihan Ganda informatika

Quiz

•

9th - 12th Grade

50 questions

ULANGAN HARIAN TEKNIK PENGOLAHAN AUDIO DAN VIDEO

Quiz

•

1st - 12th Grade

50 questions

CSS 9- 4th Examination

Quiz

•

9th Grade

52 questions

Latihan ASAS GASAL 2425

Quiz

•

9th - 12th Grade

51 questions

打字常识

Quiz

•

9th Grade

48 questions

STARTER - 1D Array Test

Quiz

•

9th - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

10 questions

Exploring Cybersecurity Techniques and Threats

Interactive video

•

6th - 10th Grade