Exam #3 - Threats, Attacks, and Vulnerabilities - P.1
Content: Threats, attacks, and vulnerabilities - Number of questions: 15 - Required: 13/15
1. You are responsible for incident response at ASV Bank. The ASV Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1' = '1. What is the best description for this attack?
2. Ann is deeply concerned about attacks on his company’s e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
3. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
4. What term is used to describe spam over Internet messaging services?
5. Marry is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Marry is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
6. Tom wants to detect a potential insider threat using his security information and event management (SIEM) system. What capability best matches his needs?
7. Teresa is concerned about attacks against an application programming interface (API) that her company provides for its customers. What should she recommend to ensure that the API is only used by customers who have paid for the service?
8. What type of attack is based on sending more data to a target variable than the data can actually hold?
9. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily using automated and semiautomated tools to look for known vulnerabilities with the various systems on your network. Which of the following best describes this type of test?
10. Yan wants to gain admission to a network which is protected by a network access control (NAC) system that recognizes the hardware address of systems. How can he bypass this protection?
11. Which of the following best describes a collection of computers that have been compromised and are being controlled from one central point?
12. John wants to prevent SSRF attacks. Which of the following will not be helpful for preventing them?
13. What type of attack is based on entering fake entries into a target network’s domain name server?
14. Which of the following capabilities is not a key part of a SOAR (security orchestration, automation, and response) tool?
15. John discovers that email from his company’s email servers is being blocked because of spam that was sent from a compromised account. What type of lookup can he use to determine what vendors like McAfee and Barracuda have classified his domain as?