CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 211:

  Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw.

  Which of the following attacks has MOST likely occurred?

  A. Cookie stealing

  B. Zero-day

  C. Directory traversal

  D. XML injection

  Correct Answer: B

  The vulnerability was unknown in that the IDS and antivirus did not detect it. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it--this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

  Incorrect Answers:

  A: In computer science, session hijacking, sometimes also known as cookie hijacking or cookie stealing is the exploitation of a valid computer session--sometimes also called a session key--to gain unauthorized access to information or

  services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on

  many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. This is not what is described in this question.

  Therefore, this answer is incorrect.

  C: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even

  execute commands on the server. Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching

  through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners. This is not what

  is described in this question. Therefore, this answer is incorrect.

  D: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take

  advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents.

  The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. This is not what is described in this question. Therefore, this answer is

  incorrect.

  References: http://www.pctools.com/security-news/zero-day-vulnerability/ http://en.wikipedia.org/wiki/Session_hijacking http://searchsecurity.techtarget.com/definition/directory-traversal http://searchsecurity.techtarget.com/definition/directory-traversal Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337

• Question 212:

  A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.

  Which of the following BEST describes this exploit?

  A. Malicious insider threat

  B. Zero-day

  C. Client-side attack

  D. Malicious add-on

  Correct Answer: B

  A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it--this exploit is called a zero day attack. Uses of zero day

  attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the

  vulnerability becomes known, a race begins for the developer, who must protect users. In this question, there are no patches are available to mitigate the vulnerability. This is therefore a zero-day vulnerability.

  Incorrect Answers:

  A: An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. This is not what is described in this question. Therefore, this answer is incorrect.

  C: Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients rather than attacking servers. This is known as a client-side attack. A client-side attack is not what is described in this question. Therefore, this answer is incorrect.

  D: A malicious add-on is a software `add-on' that modifies the functionality of an existing application. An example of this would be an Internet browser add-on. This is not what is described in this question. Therefore, this answer is incorrect.

  References:

  http://www.pctools.com/security-news/zero-day-vulnerability/ http://en.wikipedia.org/wiki/Insider_threat

• Question 213:

  A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?

  A. Buffer overflow

  B. Cross-site scripting

  C. XML injection

  D. SQL injection

  Correct Answer: A

  The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. A repeated series of the hex character 90 is not an example of an XSS attack. Therefore, this answer is incorrect.

  C: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. A repeated series of the hex character 90 is not an example of XML injection. Therefore, this answer is incorrect.

  D: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. A repeated series of the hex character 90 is not an example of SQL injection. Therefore, this answer is incorrect.

  References:

  http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337 http://

  en.wikipedia.org/wiki/SQL_injection

• Question 214:

  Which of the following was launched against a company based on the following IDS log?

  122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET

  /index.php?

  username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA

  AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/

  forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

  A. SQL injection

  B. Buffer overflow attack

  C. XSS attack

  D. Online password crack

  Correct Answer: B

  The username should be just a username; instead we can see it's a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must

  exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly

  executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. The code in the question is not SQL code.

  Therefore, this answer is incorrect.

  C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. The code in this question is not an example of an XSS attack. Therefore, this answer is incorrect.

  D: The code in the question is not an online password crack. The long text in place of a username indicates an attempt to overflow a memory buffer. Therefore, this answer is incorrect.

  References:

  http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/SQL_injection http://en.wikipedia.org/wiki/Cross-site_scripting

• Question 215:

  A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

  A. Zero-day

  B. Buffer overflow

  C. Cross site scripting

  D. Malicious add-on

  Correct Answer: B

  This question describes a buffer overflow attack.

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it --this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. Zero-day attacks are generally not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect.

  C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. XSS attacks are not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect.

  D: The application is a legacy application. It is therefore unlikely to have an add-on. The question states that the application often stops running due to a memory error. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect.

  References:

  http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting http://www.pctools.com/security-news/zero-day-vulnerability/

• Question 216:

  While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?

  A. Cross-site scripting

  B. Buffer overflow

  C. Header manipulation

  D. Directory traversal

  Correct Answer: B

  When the user opens an attachment, the attachment is loaded into memory. The error is caused by a memory issue due to a buffer overflow attack.

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. As XSS is a web based attack, it would require the user to open a web page, not an email attachment. Therefore, this answer is incorrect.

  C: A header manipulation attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. When used with XSRF, the attacker can even change a user's cookie. Internet Explorer 8 and above include InPrivate Filtering to help prevent some of this. By default, your browser sends information to sites as they need it--think of requesting a map from a site; it needs to know your location in order to give directions. With InPrivate Filtering, you can configure the browser not to share information that can be captured and manipulated. As header manipulation is a web based attack, it would require the user to open a web page, not an email attachment. Therefore, this answer is incorrect.

  D: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners. As directory traversal is a form of HTTP exploit, it would require the user to open a web page, not an email attachment. Therefore, this answer is incorrect.

  References:

  http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 340 http://

  searchsecurity.techtarget.com/definition/directory-traversal

• Question 217:

  Which of the following application attacks is used to gain access to SEH?

  A. Cookie stealing

  B. Buffer overflow

  C. Directory traversal

  D. XML injection

  Correct Answer: B

  Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: In computer science, session hijacking, sometimes also known as cookie hijacking or cookie stealing is the exploitation of a valid computer session--sometimes also called a session key--to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. This type of attack is not used to gain access to the Structured Exception Handler (SEH). Therefore, this answer is incorrect.

  C: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners. This type of attack is not used to gain access to the Structured Exception Handler (SEH). Therefore, this answer is incorrect.

  D: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. This type of attack is not used to gain access to the Structured Exception Handler (SEH). Therefore, this answer is incorrect.

  References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Session_hijacking http://searchsecurity.techtarget.com/definition/directory-traversal Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337

• Question 218:

  Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

  A. Cross-site scripting

  B. Buffer overflow

  C. Header manipulation

  D. SQL injection

  Correct Answer: B

  Data Execution Prevention (DEP) is a security feature included in modern operating systems. It marks areas of memory as either "executable" or "nonexecutable", and allows only data in an "executable" area to be run by programs, services, device drivers, etc. It is known to be available in Linux, OS X, Microsoft Windows, iOS and Android operating systems. DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow.

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect.

  C: A header manipulation attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. When used with XSRF, the attacker can even change a user's cookie. Internet Explorer 8 and above include InPrivate Filtering to help prevent some of this. By default, your browser sends information to sites as they need it--think of requesting a map from a site; it needs to know your location in order to give directions. With InPrivate Filtering, you can configure the browser not to share information that can be captured and manipulated. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect.

  D: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect.

  References:

  http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 340 http://

  en.wikipedia.org/wiki/SQL_injection

• Question 219:

  A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack?

  A. Zero-day

  B. SQL injection

  C. Buffer overflow

  D. XSRF

  Correct Answer: C

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

  Incorrect Answers:

  A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it --this exploit is called a zero day attack. Uses of zero

  day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the

  vulnerability becomes known, a race begins for the developer, who must protect users. This type of attack does not attempt to write too much data to an application's memory.

  Therefore, this answer is incorrect.

  B: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must

  exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly

  executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. This type of attack does not attempt to write too much data to an application's memory. Therefore, this answer is

  incorrect.

  D: Cross-Site Request Forgery--also known as XSRF, session riding, and one-click attack-- involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some

  type of social networking to pull it off. For example, assume that Evan and Spencer are chatting through Facebook. Spencer sends Evan a link to what he purports is a funny video that will crack him up. Evan clicks the link, but it actually

  brings up Evan's bank account information in another browser tab, takes a screenshot of it, closes the tab, and sends the information to Spencer. The reason the attack is possible is because Evan is a trusted user with his own bank. In order

  for it to work, Evan would need to have recently accessed that bank's website and have a cookie that had yet to expire. The best protection against cross-site scripting is to disable the running of scripts (and browser profi les). This type of

  attack does not attempt to write too much data to an application's memory.

  Therefore, this answer is incorrect.

  References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://www.pctools.com/security-news/zero-day-vulnerability/ http://en.wikipedia.org/wiki/ SQL_injection Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 335

• Question 220:

  Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.

  Which of the following was used to perform this attack?

  A. SQL injection

  B. XML injection

  C. Packet sniffer

  D. Proxy

  Correct Answer: B

  When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should.

  Incorrect Answers:

  A: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must

  exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly

  executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Being a web based form, it is more likely that XML was used rather than SQL. Therefore, this answer is incorrect.

  C: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or

  switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case

  of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. Packet sniffing is not used for modifying data; it only reads it. Therefore this answer is incorrect.

  D: A proxy server is often used to filter web traffic. It is not used to modify the content of HTTP POST commands. Therefore this answer is incorrect.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337 http://en.wikipedia.org/wiki/SQL_injection