Which of the following events demonstrates an example of cross-site request forgery vulnerability? O a. An attacker was able to bypass the login mechanism via a password-guessing attack. O b. An attacker was able to get sensitive information about the target system from an error message. O c. An attacker could access sensitive data belonging to the HR department of his/her workplace. O d. An attacker was able to induce the victim to change his/her password.

Which of the following events demonstrates an example of cross-site request forgery vulnerability? O a. An attacker was able to bypass the login mechanism via a password-guessing attack. O b. An attacker was able to get sensitive information about the target system from an error message. O c. An attacker could access sensitive data belonging to the HR department of his/her workplace. O d. An attacker was able to induce the victim to change his/her password.

LINUX+ AND LPIC-1 GDE.TO LINUX CERTIF.

5th Edition

ISBN:9781337569798

Author:ECKERT

Publisher:ECKERT

Chapter12: Network Configuration

Section: Chapter Questions

Problem 10RQ

See similar textbooks

Similar questions

Which of these can be used to defend against some types of client attacks on a password system (note: the system must remain a user-knowledge-based authentication system)? Select one: a. Hash the passwords and store the hashes, rather than the plaintext passwords b. Store the password on a physical object c. Use one-time passcodes d. Limit the number of login attempts allowed
Which security mechanism(s) are provided in each of the following cases? A school demands student identification and a password to let students log into the school server. A school server disconnects a student if she is logged into the system for more than two hours. A professor refuses to send students their grades by e-mail unless they provide student identification they were preassigned by the professor. A bank requires the customer’s signature for a withdrawal.
Which of these can be used to improve defenses against host attacks on a password system in which the passwords are stored in plain text (note: the system must remain a user-knowledge-based authentication system)? Select one: a. Hash the passwords and store the hashes, rather than the plaintext passwords b. Store the password on a physical object instead c. Use one-time passcodes instead d. Limit the number of attempts allowed
What type of authentication method is displayed in this picture? Multi-Factor Authentication Biometric Authentication Token-based authentication Single Sign-on 2.Wendy is examining the logs of a web server that was compromised by a remote attacker. She notices that right before the attack, the logs show a series of segmentation fault errors. Other logs indicate that the attacker sent very long input strings to the web server that had malicious commands at the end of the string. What type of attack most likely took place? SQL Injection Cross-site request forgery Cross-Site scripting Buffer Overflow 3.Jessica is combatting a security incident where a specific piece of malware is continually infecting systems on her network. She would like to use application control technology to block this file. What type of application control should she use? Greylisting Bluelisting Whitelisting Blacklisting
Which encryption benchmark ensures data is not modified after it’s transmitted and before it’s received? a. Confidentiality b. Integrity c. Availability d. Symmetric
Which one of the following statements is NOT correct about HTTP cookies? a. A cookies is a piece of code that has the potential to compromise the security of an Internet user b. A cookie gains entry to the user’s work area through an HTTP header c. A cookie has an expiry date and time d. Cookies can be used to track the browsing pattern of a user at a particular site
What is the definition of a reverse shell? When an attacker receives a shell prompt from a remote system, what is the first thing they do? In the lab, what command is used to verify that the attacker has a remote connection to the Security Onion's shell?
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.) : A. Deploy a WAF. B. Use containers. C. Conduct input sanitization. D. Patch the OS E. Deploy a reverse proxy F. Deploy a SIEM. ~if you could explain why you chose that correct choice, Id appreciate it. Thank you!
which of the following is not a type of attack used against access controls? -BRUTE FORCE ATTACK -DICTIONARY ATTACK -MAN IN THE MIDDLE ATTACK -TEARDROP
On servers with Linux operating system, access logs are kept under which of the following directories by default?A) /var/log/B) /var/log/auth/C)/log/D)/log/auth/ Which of the following would an attacker prefer to run operating system-level code with MSSQL?A) MSSQL cannot run code at the operating system level.B) MSSQL agentC) xp_cmdshellD) There are no options. As a network administrator, you want to reduce the attack surface on your systems. Which of the following helps?A) Creating shared folderB) Make sure that only the necessary services are activeC) To record access activitiesD) monitor network traffic Which of the following products can an institution prefer to use if its antivirus software is up-to-date on the computers in its network?A) FirewallB) DLPC) Web ProxyD) NAC When John enters the mobile banking app on his smartphone, he sees his account balance is decreasing. What would it be better for John to do first to fix this situation?A) Closing and reopening the mobile…
The Kerberos Authentication Server might reject an AS_REQ message and instead require pre-authentication - that is, it requires the client to send a timestamp encrypted with the client key. Why does it do this? Select one: a. It must not disclose the Ticket Granting Ticket before the client has authenticated b. It is dangerous to respond to an AS_REQ message before the client has authenticated c. Responding to multiple AS_REQ messages would allow a guessed plaintext attack d. It needs the client's public key to check the pre-authentication message was signed correctly
A local Windows 10 administrator created a group called Trainees using Computer Management console. Then, he assigned local users in this security group. Members of the Trainees group need access to a custom application running on a domain-joined server Srv01. Can the Trainees group be used to provide access to this application? True False